I need to crack a password/phrase protected 'stuffit' self extracting .exe file, on a Windows XP box. None of my usual stuff (PRTK, etc) will work with it. Any ideas?
Andy
Andy,
Were you able to recover any passwords from the registry? Or maybe from the pagefile if you don't find any there. My best chance of success is usually from recovering as many other passwords as I can and just trying those.
oh from tha pagefile?
interesting, how someone could retrieve password (and other useful information) from it?
Is there some tool that perform pagefile "parsing" or "interpreation"?
Searching the pagefile is really like searching the unallocated space. Data has to be carved out, but you can find a lot there. It can be parsed with any good forensic tool.
Thanks
Andy
Hi greg,
this thing of pagefile it's really interesting for me..
but you have to perform the pagefile analysis "offline" or you can do it with os in execution?
Thanks
Lonely Wolf
You can't access the pagefile of a live system. I'm speaking of a forensic analysis of a system. You can search it manually for file headers, text, etc. Or use something like FTK's data carving feature or Encase Enscripts.