Hi, I was wondering which of the password recovery tools are ones that people have had good results with, for example, ones from the following vendors as a start… AccessData, NTI, Paraben, Passware…
Thanks!
AccessData started out in password recovery and I think they are ahead of the rest.
But, of course it is all dependent on what you are trying to get back.
Cain, Ripper, and lots of underground software is really good.
There was a report, I think by Secure Computing or PC Mag, about a year ago comparing password recovery products, though of course now it would be rather dated. AccessData are good & the use of their Rainbow tables (recommended) & DNA makes a huge world of difference in recovery times, huge!
Perhaps a forum member would volunteer to do such an eval for the group?
Thanks & Regards,
I, too, am looking for a comprehensive Password Recovery/Cracker solution. I want to purchase the right product–preferably ONE product–that will suit my business needs. I want to avoid paying for 50 different applications that each specialize in just a few types of files. If I need to spend a substantial amount for the right solution, I will. If a single solution does not exist, I would like to know what handful of software would be best.
In my research, I have run across myriad password software tools, but few that look promising as a total solution. Elcomsoft has a comprehensive tool. However, I have no idea as to what kind of return on my $1300 investment would be.
I have used the demo version of PRTK and am not impressed.
I have used Passware with some success.
I have used AOPB demo, which seems to be able to get encryption keys–I have to pay $199 for the business software license to decrypt Office files. And, unfortunately, AOPB is not a single solution. They offer quite a few modules for different file types. I don't want to get "nickel and dimed" to death to cover my requirements.
IMPORTANT: Please, if you have viable feedback for me that expresses your experience with these or other password software tools, I would love to hear it and your recommendations. If you just want to reply with general info and vague references to searching the Internet, you would be wasting your time and this site's drive space in posting such a reply.
Thank you, in advance, for your valuable assistance.
- Sean
Hi rktung,
Success… it's horses for courses. What passes are you trying to recover, how long you have in terms of waiting time, how much money you are willing to spend, etc.? And is it in password recovery itself that your interest lies, or forensics?
Hi Sean,
In addition to the above:
I noticed you mentioning return on investment. What exactly *are* your business needs? Is this forensic analysis, data recovery or password cracking services you are trying to "return investment" on?
I've used tools from both Elcomsoft and AccessData. I'm surprised by your impression of PRTK, as I've found it to be excellent on most all applications it was pointed at.
Do Elcomsoft have access to rainbow tables yet? I know they also can split across multiple machines, but I don't think it's as extensive as AD's DNA.
The last time I used Elcomsoft, iirc it was OK if you installed the app on the target machine, e.g. it's OK for instance if it's password-protected documents, zips etc., as they are not resident, but you couldn't hook it up to, say, check system passwords on a secondary drive. Things may have changed.
What aspect of PRTK were you not impressed by?
Kern
Hi, Kern,
Thanks for your assistance.
I am new to this field, setting up a forensic analysis business with limited resources ($$). And I am, frankly, quite overwhelmed by the myriad choices.
In answer to your PRTK question, I am using the demo version and wonder whether I am using it incorrectly or if it is crippled. I cannot decrypt Zip files with it, using Brute Force or Known Plaintext attacks. It will queue up jobs successfully when I initiate them. But, shortly afterwards, they disappear with no warning or message.
I do like AD's FTK very much. However, the cost of $3000 is daunting. 😯
Do you have any thoughts on AOPB (Advanced Office Password Breaker)? Also, what would you use on a .PWL file?
Thanks, in advance, for your help!
Sean
In answer to your PRTK question, I am using the demo version and wonder whether I am using it incorrectly or if it is crippled. I cannot decrypt Zip files with it, using Brute Force or Known Plaintext attacks. It will queue up jobs successfully when I initiate them. But, shortly afterwards, they disappear with no warning or message.
The demo is crippled in the length of password it can recover. Also make sure you are using the most recent demo. Some earlier versions of 6 were flaky.
I do like AD's FTK very much. However, the cost of $3000 is daunting.
The $2745 is for UTK which includes FTK, PRTK, Registry Viewer, DNA (50), WipeDrive and 3 days of BootCamp training. If you want to give it a go without training FTK is $1095 and UTK is $1949. Training alone is $1845.
Do you have any thoughts on AOPB (Advanced Office Password Breaker)?
It is a good tool but I have switched to AD Rainbow Tables.
Also, what would you use on a .PWL file?
PRTK
Sean, in addition to BitHead's info:
Sounds like you have a faulty demo. Maybe make a few zips yourself and check where it falls over.
Forensics is usually time critical. For MS Word and associated files, AD rainbow tables is probably the best odds of cracking the pass quickly. Make sure you understand how it works, and its limitations tho. decryptum site FAQ/tech info is good for this.
If you are limited on budget, you may consider using an online service (check the Passware site) that opens an MS doc. They attack the key, not the pass, so you can't, say, get one cracked and try a pass on the others. Obviously this helps them get return trade on batches, and they offer a reduced fee the more docs you need cracking.
AOPB, I tried a couple of yrs back. The version I had allowed me to split the job in question over 3 PCs. The total time to get in, I worked out, would be a max of 6 days at the CPU speed I had. It recovered inside 2 days.
Comparatively, Rainbow would have me inside in minutes, and only using 1 PC.
UTK full suite also has DNA (Distributed Network Attack). This works out cheaper than Rainbow but takes longer, and is only of much use, say, in an office where you can hook up extra PCs and use redundant CPU time.
Elcom: Effectively the progs have, as most others, dictionary attack, brute force and a distributed network mode etc. I think on the whole AD is cheaper and more effective. Elcom's newish pricing policy puts me off tho.
Passware: similarly, bf/dict & Xieve, a util to minimise wasted time on nonsense combinations when using brute force. Make of that what you will. Would it remove a valid pass thinking it was just a "nonsense combo"?
PRTK / UTK: comprehensive suite. Well supported, offers training. Works with system keys and so on. You can even just point it at a drive and say check for passes. It parses the drive and starts spitting them out.
Finally, newer docs / zips etc. are using AES. This can slow the crack down to a snail's pace: a few tens or hundreds per sec, not thousands or millions.
Check compatibility with Rainbow before you buy.
This is where knowledge and training are worth their weight. Start learning how to craft dictionaries. Make use of user info, and maybe make a complete list of text words that are on a drive. It's a profiled dictionary.
PRTK can make use of this and apply excellent algorithms: appending or prefixing, swapping cases, adding numbers etc. The usuals.
Just supply your dictionary, wait for it to churn its own combos and then it starts. Beware, a watched pot never boils. Hook it up, go do other work, come back much later.
The only other addition to your arsenal could be John the Ripper, although it won't do MS applications. It is useful for *nix type logins, among others. *nix logins make use of salts, which render Rainbow tables useless.
hth
Kern
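The closing point of the post above (salts defeat precomputed tables), as an added example that is not part of the thread. SHA-256 and a plain lookup dictionary are stand-ins assumed here for the real hash formats and for chain-compressed rainbow tables; the candidate list, salts and function names are constructed.

```python
import hashlib

# Constructed candidate list standing in for the keyspace a table covers.
CANDIDATES = ["letmein", "password1", "Summer2006", "qwerty"]

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    # The salt is stored beside the hash; it is not secret, only unique.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_table(candidates, salt: bytes = None):
    """Precompute hash -> password for one scheme (and one salt, if given)."""
    if salt is None:
        return {unsalted_hash(p): p for p in candidates}
    return {salted_hash(p, salt): p for p in candidates}

def compare_schemes():
    password = "Summer2006"  # two constructed accounts share this password
    salt_a, salt_b = bytes.fromhex("a1b2c3d4"), bytes.fromhex("0f1e2d3c")

    generic = build_table(CANDIDATES)            # built once, reusable
    table_a = build_table(CANDIDATES, salt_a)    # valid for salt_a only

    plain_a, plain_b = unsalted_hash(password), unsalted_hash(password)
    salted_a = salted_hash(password, salt_a)
    salted_b = salted_hash(password, salt_b)

    return {
        # Unsalted: identical passwords give identical hashes, one table hits all.
        "unsalted_identical": plain_a == plain_b,
        "unsalted_lookup": generic.get(plain_a),
        # Salted: same password, different stored values, generic table misses.
        "salted_identical": salted_a == salted_b,
        "generic_vs_salted_a": generic.get(salted_a),
        "generic_vs_salted_b": generic.get(salted_b),
        # Work redone for salt_a does not carry over to the account using salt_b.
        "table_a_vs_salted_a": table_a.get(salted_a),
        "table_a_vs_salted_b": table_a.get(salted_b),
    }

if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```

The salt does not stop guessing outright; it forces the precomputation to be repeated per stored hash, which removes the advantage a prebuilt table gives.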
Kern is really on top with his answers. You won't go wrong with his advice.
Also, what would you use on a .PWL file?
Sean, you can also use JohnTheRipper on a .pwl file but it is truly slower than Kern's suggestions. You also might consider some of the online Rainbow tables sites that will do lookups one at a time. They seem to be somewhat limited but if you have more time than money, you might have a shot.
I think we all understand the limited budget problem but this case might show why things like PRTK are worth it.
Thank you, all! I so very much appreciate the helpful feedback!
Given the strong support and appreciation of UTK, I am leaning toward that solution–pricy as it is. The old adage "You get what you pay for…" comes to mind, provided it is the right tool. If I want to turn a screw, I want to buy a solid screwdriver, instead of a saw.
Any suggestions on where to purchase the package with training? I am on the East Coast near the D.C. area.
Also, I will have to learn about rainbow tables. Right now, I have zero understanding of them. I know they exist, but, beyond that, I have no idea how to construct or employ them. How should I go about educating myself on this topic?
Thanks, again, BitHead, Kern, and Dennis!
Best regards,
Sean