I am trying to build an attack dictionary from the index I have created in EnCase. One of the first things I noticed about the index is its contents are all lower case. I've put together a script that takes this list and builds every possible combination of case for each string in the index. I wrote it in PHP but may try to work something out in C as I imagine it's quite a bit faster.
The question I have for you is how does one go about exporting an index that has not had its case modified?
My guess is this is impossible.
Also, how do you execute a dictionary attack on zip archives in EnCase? I am using fcrackzip, at present, but would like to know if this is possible with EnCase. I see the User's Guide states:
"EDS can attack NT based user account passwords and cached net logon passwords using a dictionary attack"
I'm not sure if this is a statement claiming EnCase can ONLY attack NT based user account passwords and cached net logon passwords or not.
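Added example, not part of the original post and not EnCase code: a C sketch of the case expansion described above, producing every upper/lower variant of a lower-cased index term. The function names, the `MAX_LETTERS` cap and the sample term are assumptions; the cap is there because a term with n letters yields 2^n variants.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LETTERS 20 /* assumed cap: at most 2^20 variants per term */

/* Bit i of mask set => the i-th letter of word is upper-cased in out.
 * Digits and punctuation are copied unchanged. out needs strlen(word)+1. */
static void case_variant(const char *word, uint32_t mask, char *out)
{
    unsigned bit = 0;
    size_t i;
    for (i = 0; word[i] != '\0'; i++) {
        unsigned char c = (unsigned char)word[i];
        if (isalpha(c) && bit < 32)
            c = (unsigned char)(((mask >> bit++) & 1u) ? toupper(c) : tolower(c));
        out[i] = (char)c;
    }
    out[i] = '\0';
}

/* Number of case variants, 2^(letter count), or 0 when over the cap. */
static uint32_t variant_count(const char *word)
{
    unsigned letters = 0;
    for (; *word != '\0'; word++)
        if (isalpha((unsigned char)*word)) letters++;
    return letters > MAX_LETTERS ? 0 : (uint32_t)1 << letters;
}

/* Write every variant of word to fp, one per line; returns how many. */
static uint32_t emit_variants(const char *word, FILE *fp)
{
    char buf[256];
    uint32_t n, m;
    if (strlen(word) >= sizeof buf) return 0;
    n = variant_count(word);
    for (m = 0; m < n; m++) {
        case_variant(word, m, buf);
        fprintf(fp, "%s\n", buf);
    }
    return n;
}

int main(void)
{
    emit_variants("pw2k", stdout); /* constructed sample index term */
    return 0;
}
```

Terms over the cap return 0 and are skipped, so they need a narrower rule (for example first-letter capitalisation only) rather than full expansion.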
Try looking at the tools menu. There is a Passware Export option. During that export a text file is produced containing the index.
Indeed. I am aware of this. The index contains objects that are all in lower case.