Join Us!

ckm File Extension ...
 
Notifications
Clear all

ckm File Extension from 2009  

  RSS
Kaly
 Kaly
(@kaly)
New Member

I have an old case we are working on that has potential passwords saved inside of a file with a file extension of ckm. We've searched but could only find information from after the creation date on these files. Wondering if anyone here has heard of an old file that had a ckm extension, and if so, what is it? My other thought is that the suspect has changed the file extension on these files, but I have to locate the actual files still. I only have a spreadsheet that has them listed to know that they "exist". TIA

Quote
Posted : 04/10/2019 8:00 pm
jaclaz
(@jaclaz)
Community Legend

Did you already exclude that it is a "known" file with a changed extension?
I.e. "file" on Linux and Trid on Windows? (or similar)
http//mark0.net/soft-trid-e.html

jaclaz

ReplyQuote
Posted : 04/10/2019 8:31 pm
Kaly
 Kaly
(@kaly)
New Member

No, because I don't actually have the files yet. I only have the file listing stating that these files exist.

ReplyQuote
Posted : 04/10/2019 8:32 pm
athulin
(@athulin)
Community Legend

Wondering if anyone here has heard of an old file that had a ckm extension, and if so, what is it? My other thought is that the suspect has changed the file extension on these files, but I have to locate the actual files still.

First off, throw away any idea that file extension always is a 'tell' to what the file contains. It may provide a hint, but as software developers tend to use their own extensions with little or no regard to if anyone has ever used it before, you can't really say anything about some particular extension that has any reasonable degree of confidence. If you know the software platform, you may be more confident about some extensions (such as .EXE on Windows), but you probably need to check that it conforms to a file type the loader understand.

That is, if you're asked 'We found a file with .CKM extension and a possible password inside. DO you know what it is?' The only reasonable answer is 'No'.

You may have a list of software that is known to use such file … but the answer is still 'no', because there surely far more out there that use that extension that's not on your list.

You didn't say what you tried before you posted … so I may be repeating stuff you already attenpted.

Idea Check registry on the system. It may be associated with a product.

Idea Look through the NIST NSRL hashes for files that end in .ckm. While it may appear to be enough to check legacy hashes, don't skip the current ones. Then identify the relevant product for any hits.

Idea If you have access to some kind of CD archive (there is one at archive.org that I haven't looked at for years), search for content with .ckm in file names. I have looked over my private collection (which is basically a lot of MSDN disks along with lots and lots of game CDs, magazine CDs, AOL CD's and similar stuff that normal people throw away), without finding anything.

I'm not sure if Bit9 still offer their fileadvisor product/service (they're Carbon Black nowadays). They collected file hashes from all over the internet, and usually had lots of stuff that never showed up elsewhere. It was usually possible to one or two searches for free. Again, haven't used it since their fileadvisor app stopped working.

Idea Check over some really big FTP search engine . Mamont.ru? Or similar. They usually have lots of stuff. Some care is advised … you may not want to connect from a office computer. I've never had any problem myself, but …

ReplyQuote
Posted : 05/10/2019 6:53 am
jaclaz
(@jaclaz)
Community Legend

No, because I don't actually have the files yet. I only have the file listing stating that these files exist.

So, unless the file names are - say - mysecretpasswords.ckm and OMGmorepasswordshere.ckm the idea that they may contain passwords (or any other relevant data) is as valid as the one that it is just a normal text file with a changed extension, containing the Metterling lists
https://www.nytimes.com/2007/11/18/books/review/1st-chapter-insanity-defense.html

First list

List No. 1

6 prs. shorts
4 undershirts
6 prs. blue socks
4 blue shirts
2 white shirts
6 handkerchiefs
No starch

Anyway, before 2009 .ckm was an extension used by some files for Microsoft MED-V client/server setup.
https://blogs.technet.microsoft.com/medv/2010/06/07/a-closer-look-at-the-med-v-image-and-data-repositories/

· .CKM Files – The .CKM (Compressed Kidaro Machine) files represent the packed images that have been deployed to the server. These are the images that have been linked to specific workspace policies for users. The image is packed first on a MED-V client running the MED-V management console and encrypted.

IF that is the case, the filename might end with "_1" or similar
https://madvirtualizer.wordpress.com/2011/07/19/med-v-v1-and-image-version-lineage/

jaclaz

ReplyQuote
Posted : 05/10/2019 9:47 am
Kaly
 Kaly
(@kaly)
New Member

@jaclaz Thank you, that's very helpful!

ReplyQuote
Posted : 07/10/2019 3:39 pm
pochael
(@pochael)
New Member

There is also a CKM registered extension for an Encryption enforcement technology. The technology does hold the encryption keys within the self protecting objects that CKM creates. It stands for constructive key management.

However, here is the concern…. If it is our CKM, its Quantum Safe Encryption enforcement and there is no way you will get to the information without the token the user has.

here is our website that has more information https://cybxsecurity.com/quantum-ckm/

ReplyQuote
Posted : 31/10/2019 1:43 pm
jaclaz
(@jaclaz)
Community Legend

There is also a CKM registered extension for an Encryption enforcement technology. The technology does hold the encryption keys within the self protecting objects that CKM creates. It stands for constructive key management.

However, here is the concern…. If it is our CKM, its Quantum Safe Encryption enforcement and there is no way you will get to the information without the token the user has.

here is our website that has more information https://cybxsecurity.com/quantum-ckm/

Registered WHERE/WHEN? 😯

You may have registered "CKM", but I doubt you can register a file extension.

Did you actually made those files in 2009 (that is roughly 10 - ten - years ago)? ?

jaclaz

ReplyQuote
Posted : 31/10/2019 8:17 pm
pochael
(@pochael)
New Member

It was actually a recognized file extension internationally.

ReplyQuote
Posted : 04/11/2019 2:33 pm
jaclaz
(@jaclaz)
Community Legend

It was actually a recognized file extension internationally.

Recognized by WHOM?
Since WHEN?

jaclaz

ReplyQuote
Posted : 05/11/2019 2:11 pm
Share: