Encrypted Drive (Use Imager or PRTK?)

If the entire drive is encrypted all you can do with the image is try to crack the password. If there is an encrypted container on an unencrypted drive you may find enough info to create a decent dictionary for your attack.

sudha, is the encryption on the drive TrueCrypt or something else?

It is TrueCrypt )

I'm using PRTK True crypt module to crack the file's password And i even know the encryption used(This reduces lot of problems ) ).

But i don't understand few things in PRTK as listed below.

(ADV-1-20) Dictionary primary followed by a two letter, language specific search ([EN-1] Common -en-c.adf)
(ADV-1-20)Dictionary primary followed by a two letter, language specific search ([EN-2] Miscellaneous-en-ca)
(ADV-1-21)Dictionary primary preceded by a 2 letter, language specific search()
BAS-2-05 Six Markov character with a threshold of one primary search
BAS-2-09 Six Markov character with a threshold of fifty primary search

And each search will have an associated size or number of possibilities. If i can understand the statements listed above then i can skip those attacks and reduce the number of attack to get the actual password.

PS I Googled for information of the same… But not successful ?

Thanks in advance
Sudha.

The dictionary attacks are a combination of your Golden Dictionary, any custom dictionaries you loaded and any regional dictionaries you loaded.

ADV-1-20 EN-1 and EN-2 are attacks based on the English dictionary and followed by a combination of two letters. For example the attack would try the word aardvark followed by aa, ab, ac, ad, etc. This would look like aardvarkaa, aardvarkab, aardvarkac, etc.

ADV-1-21 would be similar but the words would look like aaaardvark, abaardvark, acaardvark, etc.

Markov is a specific cipher. If you are big into math and want to read about iterating a cryptographically weak function r times I am sure you can find plenty of research to read.