Passware Kit 2022 v4 – Evidence Discovery on macOS Ventura

What’s new in Passware Kit 2022 v4

  • Support for macOS Ventura
  • Password recovery and data extraction from 1Password v8
  • Faster VeraCrypt password recovery
  • Password recovery for a specified QuickBooks account
  • Improved Windows password reset for UEFI systems
  • New dictionary: Vietnamese
  • Option to disable MD5 calculation
  • Remote update of Passware Kit Agent to a compatible version
  • UI improvements

What’s New Video

For your convenience, we have included a video of all the newest features of Passware Kit 2022 v4. Take a look!

Passware Kit 2022 v4 introduces support for the highly anticipated macOS Ventura (or macOS 13): APFS disk decryption, memory analysis, T2 unlock, and Keychain data extraction.

All editions of Passware Kit 2022 v4 are compatible with both Intel- and M1/M2-based Macs running the latest version of macOS.

The new version supports 1Password 8 databases across all desktop platforms: Windows, Linux, and macOS.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Passware Kit 2022 v4 detects hash types of system volumes encrypted with VeraCrypt, speeding up the password recovery process.

It also helps users to gain access to sensitive data in QuickBooks databases by brute-forcing the original passwords for QuickBooks accounts.

This new version adds a Vietnamese dictionary, makes MD5 calculation optional, and simplifies the remote management of password recovery agents.

Support for macOS Ventura

Passware products fully support the newly released macOS Ventura, including password recovery and decryption for FileVault2/APFS disk images, memory image analysis, T2 unlock, and Keychain data extraction.

The decryption capabilities for macOS vary depending on the Passware Kit edition.

Password recovery and data extraction from 1Password v8

Passware Kit 2022 v4 supports the latest version of 1Password manager – v8, for Windows, macOS, and Linux. The recovery speed on an AMD Radeon RX 6900 XT is 36,700 passwords per second.

After recovering the master password, Passware Kit extracts all the passwords and other records from the 1Password vault.

Faster VeraCrypt password recovery

Passware Kit 2022 v4 detects VeraCrypt hash types of Windows system volumes with GPT partition tables.

This helps to avoid checking irrelevant hashes and significantly speeds up the overall VeraCrypt password recovery process.

Password recovery for a specified QuickBooks account

Passware Kit decrypts QuickBooks databases instantly. However, there might be cases when some sensitive data in the database is available only with the original password. For such cases, Passware Kit 2022 v4 offers a brute-force password recovery option with a choice of accounts to recover the passwords for.

This option is available for Windows versions of QuickBooks 2006-2022.

Improved Windows password reset for UEFI systems

The latest update resets Windows account and Domain Administrator passwords for Windows systems set up in the UEFI mode, including Windows versions 10 and 11.

Also, Passware Kit now supports booting in UEFI mode directly from a WindowsKey.ISO file. There is no more need to burn the password reset ISO on a CD or USB drive to boot the locked virtual PC.

New dictionary: Vietnamese

New language sets are being added to Brute-force, Xieve, Mask, and Dictionary attacks on a regular basis. As an update, Passware Kit 2022 v4 includes a Vietnamese dictionary.

Option to disable MD5 calculation

The “Tools|Options” menu now contains an option to disable the MD5 hash calculation for encrypted and decrypted files. This reduces the time required to process large files and disk images.

Remote update of Passware Kit Agent to a compatible version

For distributed password recovery, Passware Kit now detects whether the version of its Agents is different and updates them remotely to the compatible version. This simplifies the management of the distributed password recovery processes.

UI improvements

Passware improves the usability of Passware Kit in batch mode by displaying passwords on the Passwords Found tab as they get recovered, not after the overall password recovery process is completed or stopped. Also, the Help menu now contains the relevant list of file types supported by the particular edition of the Passware Kit.

More information about this release on Passware website.

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever.<br /><br />69% of employees note that the number of business applications they use at work has increased during the pandemic.<br /><br />Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.<br /><br />Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.<br /><br />Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.<br /><br />With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.<br /><br />Join Monica Harris, Product Business Manager, as she showcases how investigators can:<br /><br />- Manage multiple cloud collections through a web interface<br />- Cull data prior to collection to save time and money by gaining these valuable insights of the data available<br />- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box<br />- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee<br />- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...