[dundee] Forensic Computing

Axel newsletter at axelbor.de
Sun Nov 22 18:36:04 UTC 2009


Hey,

thank you. Unfortunately this instruction don't work in my case. To  
read the file, it is necessary to key in the password. I have read the  
mails and can't find an evidence to the password. So I'm not sure is  
this password available.

Axel


Quoting Kris Davidson <davidson.kris at gmail.com>:

> I've never had a password protected Office file take longer that 30
> seconds to crack, just a do a simple search for suitable software,
> depending on the file you can just bypass the password
> http://www.gmayor.com/Remove_Password.htm
>
> Failing that, like the other guy said check deleted files, do carving
> and file type analysis. Also try passwords found for other accounts
> and websites etc, check any e-mail found on the image.
>
> 2009/11/22 Axel <newsletter at axelbor.de>:
>>
>> Hey,
>>
>> one problem I have solve. The FTK-Imager can convert the image to a dd
>> image. So it's possible to mount this without any trouble at Linux.
>>
>> Now, there is an another problem. There are to Word files
>> Burinator1.doc and Burinator2.doc. This files protected with a
>> password. Advise the password was without success and I cannot find
>> the password in the image. Everyone know if the password available in
>> the image?
>>
>> A brute force attack is already started, but this need a couple of days.
>>
>> Cheers
>> Axel
>>
>>
>>
>> _______________________________________________
>> dundee GNU/Linux Users Group mailing list
>> dundee at lists.lug.org.uk  http://dundeelug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/dundee
>> Chat on IRC, #tlug on irc.lug.org.uk
>>
>
> _______________________________________________
> dundee GNU/Linux Users Group mailing list
> dundee at lists.lug.org.uk  http://dundeelug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/dundee
> Chat on IRC, #tlug on irc.lug.org.uk
>






More information about the dundee mailing list