Passware, Elcomsoft and other password breakers

2 Posts
2 Users
0 Likes
1,200 Views
(@wotsits)
Posts: 253
Reputable Member
Topic starter
 

How much do people use these in their forensic examinations and are they forensically sound?

Are they less often used in law enforcement?
For example, in the UK there is legislation that can force a suspect to give up the password, so is this type of password breaking approach less well practiced?

They are quite expensive and I'm wondering how widely used they are.

 
Posted : 03/02/2016 11:28 am
(@randomaccess)
Posts: 385
Reputable Member
 

They're definitely used; the extent to which depends on your caseload. I'd use some sort of passcode decryption or bypass utility on most jobs. For computers, I usually like to crack the Windows password because it may assist in saying that person x was the owner/primary user of the computer. And mobiles, sometimes you may have to get the passcode before proceeding with a download.

Forensically sound is an interesting question; for mobile devices you are changing data. The extent to which varies, but sometimes you need to do it because that's where the evidence resides. For files, well they're copies anyways and you can run things multiple times too.

I would say if you're using Passware to recover passwords out of a hiberfil/memory dump that you then decompress and search through manually for the passwords. I've found additional data surrounding the passwords that provided additional context that was quite useful (but not Passware's main focus and therefore not their concern to show).

 
Posted : 03/02/2016 12:29 pm