[dundee] Forensic Computing
Kris Davidson
davidson.kris at gmail.com
Sun Nov 22 17:09:01 UTC 2009
I've never had a password protected Office file take longer that 30
seconds to crack, just a do a simple search for suitable software,
depending on the file you can just bypass the password
http://www.gmayor.com/Remove_Password.htm
Failing that, like the other guy said check deleted files, do carving
and file type analysis. Also try passwords found for other accounts
and websites etc, check any e-mail found on the image.
2009/11/22 Axel <newsletter at axelbor.de>:
>
> Hey,
>
> one problem I have solve. The FTK-Imager can convert the image to a dd
> image. So it's possible to mount this without any trouble at Linux.
>
> Now, there is an another problem. There are to Word files
> Burinator1.doc and Burinator2.doc. This files protected with a
> password. Advise the password was without success and I cannot find
> the password in the image. Everyone know if the password available in
> the image?
>
> A brute force attack is already started, but this need a couple of days.
>
> Cheers
> Axel
>
>
>
> _______________________________________________
> dundee GNU/Linux Users Group mailing list
> dundee at lists.lug.org.uk http://dundeelug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/dundee
> Chat on IRC, #tlug on irc.lug.org.uk
>
More information about the dundee
mailing list