Password Recovery

Encrypted evidence appears in more and more cases with each passing year. Fortunately there are specialized tools which make it practical to recover passwords in many situations.

Finding & Identifying Encrypted Materials

One of the first steps in sorting and cataloging digital evidence is locating and identifying encrypted content. Software helps to automate this process.

Recovering Passwords (Password Cracking)

Of course, identifying encrypted content is only the first step. Once having located and identified encrypted files of interest it is necessary to decrypt those files if they are to have any evidentiary value - a process referred to as "password recovery". Software and specialized hardware can both assist with password recovery.

As shown in the diagram, specialized software like Passware Kit Forensic (PKF) is central to the password recovery process. The encrypted evidence - typically a file, but sometimes an encrypted volume - is provided as an input to PKF. It is also possible, but not required, to provide PKF with an input list of candidate passwords - perhaps an indexed list of words collected from the suspects computers/phones/handwritten notes/etc. PKF then calculates millions and often billions of password combinations looking for one that successfully decrypts the file.

These calculations can be very time-consuming and it is possible to accelerate the process using specialized hardware. PKF is designed to work with GPUs (graphics processing units like those from nVidia and AMD) to speed up the rate at which passwords can be tested, often by several orders of magnitude. PKF can even coordinate password recovery using multiple computers across a network, each of which can have its own GPUs to further accelerate the work.

Hardware Acceleration

For situations where password recovery is especially critical you can accelerate the password recovery process by adding specialized hardware like Comino's DPR.

Jumpstart the Software Learning Curve with Digital Intelligence Training

Acquiring tools is step one. Using them effectively while sifting through complex regulatory challenges often requires a step learning curve. Let Digital Intelligence help. We offer technology, product, and process training to build the skills need to work efficiently in a changing digital landscape.

We define and conduct training based on your experience, knowledge level, and professional goals. At our training location or yours. learn more

Technical Support You Can Count On

When you purchase from Digital Intelligence, you’re getting the best forensic products money can buy. But the value doesn’t stop there. You get lifetime technical support and access to a professional, dedicated support team. We measure our success not just by the number of systems we sell but also by the level of support we provide. Whether it’s a question about your FRED, UltraBlock, Imager or software – or a question about a forensic problem you face – we have your back. Call, email, or text. We are here for you.