Nowadays, computer data is everywhere around and it’s growing at amazing speeds from hour to hour. It’s really fast, easy and convenient to stay active online day and night. No matter how easy it may be for the user, for computer crime investigators, on the contrary, it is the toughest challenge to collect and decrypt digital evidence. Even more important for them is to be able to evaluate a particular situation and understand what exactly they can collect, where it may be stored, how quickly and effectively they can get hands on it leaving the data intact and authentic in order to keep it still useful and trustworthy in court.
The crime scene has also moved or better to say spread from computers to mobile devices that can not only “carry” but also produce, process and transfer valuable information among other mobile devices or even into the cloud. This introduces another big challenge, which is tracing a connection between various electronic devices, collecting necessary information from them and gathering evidence into one case.
A successful completion of the investigation requires a well thought-out and structured incident response scenario and a whole arsenal of tools, techniques and methods at hand that could be implemented quickly and effectively.
In Revision 2, I have added a small section, to highlight the importance of understanding SQLite databases and using SQLite tools in order to analyze the information contained within SQLite database files.
This article is related to running Sanderson SQLite Forensic Toolkit on a Mac OS X system. I apologize in advance for the lengthy read but please take the time to read everything and understand the concepts. I had to peruse the CrossOver wiki and support areas in order to understand what needed to be accomplished for unsupported applications to work. Read the rest of this entry »
Anyone considering the possibility to purchase Elcomsoft Distributed Password Recovery has a wonderful opportunity to explore the program together with Sethioz and get a clearer understanding of how the program works and what requires your special attention when you are using EDPR. This video assumes you are already familiar with basics of password cracking and suggests more information for your convenient work with the tool.
This is a very detailed tutorial showing how to prepare EDPR for work, which includes setting up connection between server and agents via local host or Internet, selecting the right IP address, paying attention to the fact that server’s and agent’s versions should be the same (users often neglect this fact), choosing a task, choosing the right attack options (they are all sufficiently explained), using side monitoring tools, checking your GPU temperature and utilization percentage on all connected computers and so on. So, let’s watch it now.
If you had any questions watching this video or would like to share your own experience using EDPR you are welcome to continue the topic here in comments.
If you care about password cracking, hardware acceleration or Wi-Fi protection this interview with our friend Sethioz is certainly for you. Being currently a freelance security tester Sethioz kindly shared his experience in cracking passwords using video cards, which in its turn derived from his gaming interest in cards. His personal experience may be very helpful to those whose concern about password cracking is not trivial.
How did it all start or what was the reason to try to find a Wi-Fi password?
There is no short answer to this, if there would be, I guess it would be “curiosity”. I think I got my first computer somewhere in 2002-2003 (my own PC) and ever since I’ve been interested in everything that is not “normal”, such as reverse engineering, debugging, hacking games, cracking password etc. Read the rest of this entry »
How many passwords does an average Joe or Jane has to remember? Obviously, it’s not just one or two. Security requirements vary among online services, accounts and applications, allowing (or disallowing) certain passwords. Seven years ago, Microsoft determined in a study that an average user had 6.5 Web passwords, each of which is shared across about four different websites. They’ve also determined that, back then, each user had about 25 accounts that required passwords, and typed an average of 8 passwords per day.
It didn’t change much in 2012. Another study determined that an average person has 26 online accounts, but uses only five passwords to keep them secure, typing about 10 passwords per day. CSID has a decent report on password usage among American consumers, discovering that as many as 54% consumers have five or less passwords, while another 28% reported using 6 to 10 passwords. Only 18% had more than 10 passwords. 61% of all questioned happily reuse their passwords over and over.
This obviously indicates a huge risk, making all these people susceptible to attacks on their passwords. Why do we have this situation, and what should one do to keep one’s life secure against hacker attacks? Let’s try to find out.
Passwords: Plagued with Problems
Passwords are the most common way of securing the many aspects of our lives. However, password-based protection is plagued with problems. Let’s have a look at why passwords are less than perfect when it comes to security. Read the rest of this entry »
Everyone must comply with government requests to disclose information. How far should one go when disclosing such information? This is up to the company. In a recent trend, several big IT companies including Apple, Facebook, Google and Microsoft among others teamed up to propose a change in US legislatures concerning governments spying on its citizens. The reform would make government surveillance “consistent with established global norms of free expression and privacy and with the goals of ensuring that government law enforcement and intelligence efforts are rule-bound, narrowly tailored, transparent, and subject to oversight”.
We are excited to announce an update to one of our oldest mobile forensic tools, Elcomsoft Phone Breaker. In this release we mostly targeted iCloud acquisition, although we’ve made some changes to the password recovery algorithm targeting iOS offline backups. All in all, the new tool can be used under a wider range of circumstances, squeezes more juice of your existing acceleration hardware and adds support for newest and greatest AMD and NVIDIA boards.
In light of recent security outbreaks, Apple introduced a number of changes to its security policies. As one of the leading security companies and a major supplier of forensic software for iOS devices, ElcomSoft is being constantly approached by IT security specialists, journalists and forensic experts. The most common question is: how will the new security measures affect iOS forensics? Read the rest of this entry »
Two years ago, ElcomSoft analyzed some 17 password management applications for mobile platforms only to discover that no single app was able to deliver the claimed level of protection. The majority of the apps relied upon proprietary encryption models rather than utilizing iOS exemplary security model. As a result, most applications were either plain insecure or provided insufficient security levels, allowing a competent intruder to break into the encrypted data in a matter of hours, if not minutes. Full report (PDF) is available here.
Today, we need stronger security more than ever. Was the urge for stronger security recognized by software makers, or are they still using the same inefficient techniques? In order to find out, we decided to re-test some of the previously analyzed products. Keeper® Password Manager & Digital Vault will the first subject for dissection.
Back in 2012, we weren’t much impressed by security in any of the apps we analyzed. Two years later, Keeper developers claimed they’ve successfully implemented the suggestions we made during the last analysis. The developers claim to have used 256-bit AES encryption, PBKDF2 key generation, BCrypt, and SHA-1 among other things. Let’s see if these improvements lead to stronger security.