Don't suppose anyone knows a way around self executable PGP encrypted files on a system?
Files have been encrypted/decrypted on the actual system. I Did a EFS scan on encase but to no success. Would there be a history or temp file of the encrypted/decrypted files as part of the PGP prgram? I very much doubt it myself. Any thoughts on how to get into the files? The disk itself is not encrypted, just individual files.
Regards
Off the top of my head I believe PRTK handles PGP self decrypting archives. I have had good success in the past with using FTK to index the image, then exporting a word list and making a PRTK dictionary from it to use against the file (assuming you have FTK of course).
My only other suggestion (which I imagine you have probably already done) would be to look for files of the same name, but different extension. I believe by default PGP self extracting executables are created with the same name as the file you are encrypting.
Thanks for reply. I don't think the dictionary attack would do the job in my life time, I am quite sure the password is one heck of a alphanumeric word.
I did check for the files with the same names, this case did apply to several but there is one particular file which I need that is only encrypted. I have recovered unallocated sections of this file, but I need the actual file, No Weaknesses in this algorithm or ways around? Or any one know of organisations specialising in decryption?