Instant extraction of Windows login passwords from Hibernation file or memory image

Windows stores account passwords for all the logged-in users in memory. This holds true for Windows XP through Windows 8. Passwords are encrypted and are not visible in plain text, but there is still a way to identify and decrypt those passwords.

When a computer hibernates, Windows writes all the physical RAM memory contents to C:\hiberfil.sys file, creating a memory image. This image contains encrypted windows accounts and passwords.

As hiberfil.sys file is locked by Windows, you might need to use special tools (like WinHex) or boot the system into Windows Recovery Console in order to access the file.

Read More »

Posted in How To, Passware, Tips | Tagged , , | 1 Response

Passware Kit v.12 Introduces Batch File Processing and Instant Recovery of Windows Login Passwords from Memory

NEW IN PASSWARE KIT 12.0

 

  • Batch file processing
  • Instant recovery of Windows login passwords through memory analysis

 
Read More »

Posted in Announcements, Passware | Tagged , , | 1 Response

On cracking Mac OS X Lion accounts passwords

Mac OS X Lion stores salted SHA512 hashes of user accounts passwords.

NOTE: if a memory image of a target computer is available, Mac OS X login passwords could be recovered instantly.

Password hashes are stored in
/private/var/db/dslocal/nodes/Default/users/<username>.plist files.

Read More »

Posted in How To, Passware, Tips | Tagged , , , | 6 Responses

Passware Kit 11.7 Instantly Decrypts PGP and Office 2010; Features Improved Integration with EnCase

NEW IN PASSWARE KIT 11.7

 

  • Instantly decrypts MS Office 2007-2010 documents through memory analysis
  • Instantly decrypts PGP Whole Disk Encryption volumes through memory analysis
  • Recovers passwords for Apple Disk Images (DMG)
  • Improved integration with Guidance EnCase:
    • One-click password recovery from EnCase
    • Imports dictionaries/wordlists directly from EnCase

 

Read More »

Posted in Announcements, Passware | 3 Responses

How effective are your password recovery settings?

Improving password recovery success rates

Limited time and resources are usually the two biggest constraints for password recovery. A live memory image could contain encryption keys and passwords, but what are the options if there is no such image available?

There are two important metrics for measuring effectiveness of password recovery: success rate and time spent. After all, we could do a full brute-force attack for all 16-character alpha-numeric passwords with 100% success rate, but waiting a billion years is not a viable option.

There is a lot of research to identify different patterns in passwords used, and the common view now is that there is no such thing as “the best” list of password recovery attacks. People choose different types of passwords to protect different types of data – corporate files, personal documents, or web accounts.

One of the questions we are asked often is, “How do I measure the efficiency of my set of password recovery attacks?”

That’s exactly the reason why Passware Kit now allows running password recovery attacks against a list of known passwords. For different types of passwords, this is the fastest way to see the success rate and estimate performance in real-life scenarios.

Read More »

Posted in How To, Passware, Tips | 2 Responses

Passware Kit 11.5 Released

Passware Kit 11.5 Recovers Passwords for iPhone Backups, Safari Websites, and Decrypts QuickBooks 2012

NEW IN PASSWARE KIT 11.5

  • Recovers passwords for iTunes backup files, both for iPhone and iPad
  • Instantly decrypts QuickBooks 2012 databases
  • Recovers passwords for Quicken 2012 databases
  • Instantly recovers Safari passwords
  • Acquires live memory image via FireWire and saves it as a DD file
  • Tests custom password recovery settings against known passwords lists
  • Recovers passwords for Mac keychain files 4 times faster

Read More »

Posted in Announcements | 3 Responses

Welcome to Passware blog!

We are launching Passware blog today.

Here at Passware we have been busy adding new features to Passware Kit.

As the product matured during the last several years, we realized that the driving force that shapes the product is the voice of our user community.

With hundreds of new features we needed a place to share tips and tricks, receive feedback and talk to Passware users.

Stay tuned for updates and thank you for your support!

Passware Team.

Posted in Announcements | 1 Response