Passware’s 15 Anniversary! 15% off any order for the next 15 days w/coupon PW-15-YRS!

Passware has been developing password recovery and encrypted evidence discovery software for 15 years now!

The company started its business back in 1998 helping consumers who had forgotten their passwords. As time went by, the need for decryption software as a tool for enterprises, help desks, private investigators, and law enforcement became evident. Passware has started to implement features specific for computer forensics.

The company is now the worldwide leading maker of password recovery and e-Discovery software for Federal and State agencies, Fortune 500 corporations, law enforcement, military organizations, help desk personnel, business and private consumers. A few of Passware’s customers include: Microsoft, Adobe, Apple, Intel, WalMart, Hewlett-Packard, Deloitte, Ernst & Young, KPMG, PricewaterhouseCoopers, Department of Justice, US Senate, NASA, FDA, IRS, and many more.

Today Passware celebrates its 15th anniversary and offers a 15% discount to all its customers! Use coupon code PW-15-YRS with your order for any Passware product. The offer is valid for 15 days and will expire on May 6th.

Posted in Announcements, Events, Passware | Leave a comment

Passware Kit Forensic is Now Integrated with Oxygen Forensic Suite to Provide a Joint Solution for Mobile Investigations

Passware Kit Forensic recovers passwords for Apple iTunes backup files, both for iPhone and iPad. This technology is now integrated with Oxygen Forensic Suite – a mobile forensic software that acquires data of seized cell phones, smartphones and tablets.

Using advanced proprietary protocols permits Oxygen Forensic Suite 2013 to extract much more data than usually extracted by logical forensic tools, especially for smartphones. This includes and is not limited to phone basic information and SIM-card data, contacts list, caller groups, speed dials, missed/outgoing/incoming calls, deleted SMS messages, calendar events, tasks, text notes, photos, videos, and other data. Thanks to the integration with Passware Kit Forensic, Oxygen Forensic Suite is now capable of extracting data from encrypted backup files from iPhone and iPad.

Oxygen and Passware

Both Oxygen Forensic Suite and Passware Kit Forensic should be installed to extract data from encrypted mobile backup files. Passware offers a 30% discount on Oxygen Forensic Suite. Contact Sales for more information.

Posted in Announcements, Partnership, Passware | Leave a comment

Extracting Facebook passwords from memory image or hibernation file

Passware Kit 12.3 recovers passwords for Facebook, Gmail, and other websites by analyzing a memory image or a system hibernation file.

Here is how it’s done.

Launch Google Chrome browser on a target machine and open a new Incognito window (Ctrl+Shift+N). In Incognito mode Chrome does not save your passwords, but still they are present in computer memory.

Fill in email and password and click Log In:
Google Chrome in Incognito mode

Read More »

Posted in How To, Passware | Tagged , , , , , | Leave a comment

Passware Kit 12.3 Extracts Facebook, Google Passwords from Computer Memory; Improves ATI Acceleration and Distributed Password Recovery


  • Extraction of Facebook, Google, and other websites’ passwords from live memory or hibernation files
  • Hardware acceleration: the latest ATI cards (AMD Radeon 7 series) supported
  • Distributed password recovery now with custom dictionaries
  • Portable rainbow tables for instant offline decryption of Word and Excel files up to v.2003 now for sale
  • Control hardware resources used for password recovery to optimize performance

Read More »

Posted in Announcements, Passware | Tagged , , | Leave a comment

Passware Kit 12.1 Accelerates Password Recovery for MS Office 2013 and PGP, Supports QuickBooks 2013 and FileMaker 12


  • Hardware accelerated password recovery for MS Office v.2013 files
  • GPU acceleration added for PGP password recovery
  • Instant decryption of QuickBooks v.2013 databases
  • Instant decryption of FileMaker v.12 databases
  • Password recovery for Adobe Acrobat X, XI documents
  • Password recovery for RAR v.4 archives
  • Password recovery for Mac OS 10.8 users
  • Instant recovery of Windows user passwords from UPEK

Read More »

Posted in Announcements, Passware | Leave a comment

Live and online training and certification for Passware Kit Forensic by Sumuri


Passware, in cooperation with Sumuri, is giving a series of live and online training and certification classes.

This three-day training class will give students the knowledge and skills to meet the challenges of digital encryption using Passware Kit. Students will gain an understanding of how encryption and cryptanalysis work to build core forensic analyst skills. Through hands-on practicals, students will learn how to apply Passware Kit in different scenarios, to include, encrypted files, email passwords, Windows passwords, Apple passwords, encrypted volumes, and more.

Read More »

Posted in Announcements, Events, Passware | Tagged , | Leave a comment

Instant extraction of Windows login passwords from Hibernation file or memory image

Windows stores account passwords for all the logged-in users in memory. This holds true for Windows XP through Windows 8. Passwords are encrypted and are not visible in plain text, but there is still a way to identify and decrypt those passwords.

When a computer hibernates, Windows writes all the physical RAM memory contents to C:\hiberfil.sys file, creating a memory image. This image contains encrypted windows accounts and passwords.

As hiberfil.sys file is locked by Windows, you might need to use special tools (like WinHex) or boot the system into Windows Recovery Console in order to access the file.

Read More »

Posted in How To, Passware, Tips | Tagged , , | Leave a comment

Passware Kit v.12 Introduces Batch File Processing and Instant Recovery of Windows Login Passwords from Memory



  • Batch file processing
  • Instant recovery of Windows login passwords through memory analysis

Read More »

Posted in Announcements, Passware | Tagged , , | Leave a comment

On cracking Mac OS X Lion accounts passwords

Mac OS X Lion stores salted SHA512 hashes of user accounts passwords.

NOTE: if a memory image of a target computer is available, Mac OS X login passwords could be recovered instantly.

Password hashes are stored in
/private/var/db/dslocal/nodes/Default/users/<username>.plist files.

Read More »

Posted in How To, Passware, Tips | Tagged , , , | Leave a comment

Passware Kit 11.7 Instantly Decrypts PGP and Office 2010; Features Improved Integration with EnCase



  • Instantly decrypts MS Office 2007-2010 documents through memory analysis
  • Instantly decrypts PGP Whole Disk Encryption volumes through memory analysis
  • Recovers passwords for Apple Disk Images (DMG)
  • Improved integration with Guidance EnCase:
    • One-click password recovery from EnCase
    • Imports dictionaries/wordlists directly from EnCase


Read More »

Posted in Announcements, Passware | Leave a comment