Folks,
Have any of you ever had an investigation where in such you have an encrypted archive file you were not able to break the encryption to reveal the contents.
If so how did you deal with this, how did you put this in a report, simply it was not recoverable??
Thanks
Options
1) Did you try Passware with known plaintext attack. Help feature of passware describes how to setup known plaintext attck within the program.
Another tip is that did you try the passwords already cracked related to this task , if any. Sometimes I have gotten lucky by breaking password for one file and was able to use it for other files.
2) Distributed network attack where you employ free resources of machines on the network to work together and try to crack the password. I am setup for it. If you are able to forward the archive, I can attempt, provided sensitivity and confidentiality is not a concern.
Unfortunately I have already tried those suggestions.
I tried a known plaintext, I also tried the already cracked passwords and also created a wordlist from the case and still nothing. I used Passware and also PRTK.
Thanks for the reply -)
Being a Brit I do not have any knowledge of Canadian Law but if the image was obtained as a result of a Warrant or some other Court Order there may be a duty of disclosure on the part of the owner of the data. In England it is an offence to fail to disclose passwords in many criminal matters and it would be a breach in civil disclosure. Worth a try?