Seminar Report on

Passware Encryption Analyzer

Submitted By: Mr.Vikas Patel(110280723013) Mr. Akshay Kansara(110280723014) Semester: III, M.E(Information Technology) Guided By: Prof.Urvashi Patel. Computer Engineering Department, L.D.College Of Engineering, Ahmedabad-15.

Computer Engineering Department, L.D.College Of Engineering, Ahmedabad-15

Index
1.0 Introduction 1.0.1Encryption Analyzer 4.0 -Passware Encryption Analyzer -Passware Password Recovery kit 1.1 Working with Passware Encryption Analyzer 1.1.1 Selecting the Files to Scan 1.1.2 Monitoring Scan Progress 1.1.3 Canceling or Pausing a Scan 1.2 Working with Passware Password Recovery Kit 1.2.1 Recovering and Re-setting passwords 1.2.2 Searching for protected files 1.2.3 Analyzing Memory and Decrypting Hard Disks 1.3 Password Recovery Details 1.4 Applications 1.5 Conclusion & References

Introduction

Encryption Analyzer 4.0 helps out to find password-protected files on your computer system -either on a PC, or over the network. Home users can check how secure their files are and verify that they still have passwords for important files. IT professionals can use Encryption Analyzer to ensure password protection is used properly in their company and manage protected files. More about Encryption Analyzer A) We are running Version 1.0 of Passware Encryption Analyzer. This software package examines the files on a computer system (local or networked) to detect files protected by passwords. A strong password is one of the best defenses against a security breach, but managing all the different passwords on all of your documents can be a real pain. That's where Password Encryption Analyzer Free comes into play. The program offers a way to scan all of your documents to check for and recover passwords. Key Features of Passware Encryption Analyzer:

Scans files fast - over 4,000 files per minute on an average PC Supports over 100 different file formats Sports a user-friendly Explorer-like interface Lists recovery options and launches the appropriate password recovery modules if necessary (and if installed) Provides detailed information, such as file formats, protection methods Available to developers as an SDK for .NET

Benefits for Computer Forensics: With EA you get all password recovery and decryption options that are available for the files of the cases you are investigating. Thanks to integration with Passware Kit you can perform password recovery immediately: EA launches the necessary Passware Kit module to recover the password. And, certainly, everything is reported: you receive detailed logs as well as MD5 hash values of protected files. We can easily check if password protection is used properly and manage protected files directly from EA. Full system scan usually takes under an hour. Work with EA in the most convenient way: you can scan your systems over the network and work in batch mode with a command line interface. You also get full reports on protected files and detailed log files.

B) The Passware Password Recovery Kit can reduce the time you spend recovering passwords, improve password recovery rates, and give you more control over the password recovery process. It can recover all kinds of passwords for the world's most popular office application files, including Excel, Word, WinZip, Windows 2008/Vista/2003/XP, Internet Explorer, Firefox, Access, Outlook, Acrobat, QuickBooks, FileMaker, WordPerfect, VBA, Lotus Notes, ACT!, and more. This includes 30+ password recovery modules integrated in an all-in-one user interface. Advanced acceleration methods are used to recover difficult passwords.

Key Features of Passware Password Recovery Kit:

All-in-one password recovery for 180+ file types Integrated Encryption Analyzer Pro scans computers for password-protected items Integrated Search Index Examiner retrieves electronic evidence from a Windows Desktop Search Database Resets passwords for Local and Domain Windows Administrators Instant online decryption of Word/Excel files (up to version 2003) Multi-core CPUs acceleration GPU acceleration for MS Office 2007 files Basic password recovery attacks: Dictionary, Xieve, Brute-force, Known Password/Part, Previous Passwords Password modifiers supported (casing, reverse words, etc.) Combination of attacks for passwords like "strong123password" Wizard for an easy setup of password recovery attacks MD5 hash values for forensic reports

Benefits for Computer Forensics: This complete electronic evidence discovery solution reports all password-protected items on a computer and gains access to these items using the fastest decryption and password recovery

algorithms. Many types of passwords are recovered or reset instantly, and advanced acceleration methods are used to recover difficult passwords. Passware Kit Forensic introduces batch file processing and a new attacks editor, which sets up the password recovery process in the most precise way to provide the quickest decryption solution possible. The highest performance is achieved with Distributed Password Recovery, using the computing power of multiple computers. Passware Kit Forensic includes a Portable version that runs from a USB drive and finds encrypted files, recovers files and websites passwords without modifying files or settings on the hostcomputer.

Encryption Analyzer - Quick Start

To find password-protected files on your computer system:
1. Launch Encryption Analyzer from the Programs menu. You will see the following screen:

2. Click the Start Scan button shown in the window. This scans your entire computer system for password-protected files and then clicks OK to close the dialog box.

3.

After the scan is complete, we can:Save the file list Save the Scan log Recover Passwords Start a new scan

Working with Passware Encryption Analyzer

Encryption Analyzer has an easy-to-use Explorer-like interface. By simply clicking a few checkboxes and buttons, you can find your password-protected files quickly and easily.

1) Selecting the Files to Scan:

Encryption Analyzer enables you to scan only the files you want to -- from your entire computer system to one or two selected folders. You can also select the type of scan you want to use (a full scan, for example takes longer than a fast scan, but is not as complete). Choosing the Scan Type & What to Scan:-

2) Monitoring Scan Progress:

The Scan Progress area at the top of the main window displays a graphical progress bar, and lists time elapsed and time-to-completion. The Status Bar, visible along the Encryption Analyzer window, gives a summary of the number of protected items found and the total number of items scanned. A sample Scan Progress area is shown below:

3) Canceling or Pausing a Scan:

We can pause a scan at any time by clicking the Pause button in the toolbar: To resume a paused scan, click the Resume button in the toolbar:

You can cancel a scan at any time by clicking the Stop button in the toolbar:

Password Recovery Kit -Quick Start

Recovering a lost password is easy with the Passware Kit. Simply follow these basic steps: 1. Launch the Pass ware Kit application.

2. Click the link on the Start Page that relates to the type of password you want to recover (file, e-mail and network, or Windows Administrator). 3. Follow the instructions on the screen -- for some types of passwords, such as file passwords, you have to fill out a few fields; for other types, such as Outlook Express account passwords, the password recovery process starts immediately. 4. When the password recovery process is complete, the results are displayed in the window. 5. You can then save and print the results.

Working with Passware Encryption Analyzer

You can use the Passware Kit to recover lost passwords, wherever they are -- file passwords, email account passwords, Internet passwords, and VPN and network passwords.

1) Recovering Passwords:
The Passware Kit can help you recover passwords for many types of files. Once the Passware
Kit discovers the password for a file, it remembers that password. If you ever forget the same password, you don't have to run all the attacks again - simply select the file, and the Kit displays the password immediately.

Using the Attack Wizard:The Attack Wizard walks you through setting up your search for a lost file password, step-bystep. Starting the Attack Wizard 1. Launch the Passware Kit application.
2. Click Recover File Password (or press Ctrl+O). This displays the Open dialog box. 3. Choose the file for which you want to find the password, and click Open. This displays

the screen show below:

4.

Click Run Attack Wizard (or press Ctrl+W).

Specifying the General Password Format The first Attack Wizard screen, shown below, asks you to supply the general format of the password. For example, does it consist of one dictionary word, or more than one? Choose the best selection and click next.

From this point forward, the Attack Wizard screens differ, depending on which general format you choose. Single Dictionary Word Multiple Dictionary Words One or More Dictionary Words Combined with Letters, Numbers, or symbols Non-dictionary, but Similar to a Dictionary Word Other

Using the Default Attacks:1. Launch the Passware Kit application.

2. Click Recover File Password (or press Ctrl+O). This displays the Open dialog box. 3. Choose the file for which you want to find the password, and click Open. 4. Click Use Pre-defined Default Attacks (or press Ctrl+D).

5. Once an attack is complete, the Passware Kit displays the results of the password

recovery process in the Passwords Found Report, a sample of which is shown below:

Which Attacks Are Run

The following list describes the default attacks, in the order in which they are run, and gives examples of the sort of password each attack is best at finding, where appropriate: Previous Password Attack, Descryptum Attack, Sure Zip Attack, Dictionary Attack, Brute Force Attack and many more

2) Searching For Protected Files:

Click Search for Protected Files on the Passware Kit start page.

Click the Start Scan button in the bottom-right corner of the window. This scans your entire computer system for password-protected files. Click Save List in the Actions area of the window.Alternatively, click the Save List button in the toolbar. In the resulting Save As dialog box, navigate to the folder in which you want to save the file, and give it a file name, then click OK.

3) Analyzing Memory and Decrypting Hard Disks:

To get started, display the Passware Kit Start Page, and click Analyze Memory and Decrypt Hard Disk (or press Ctrl+D). This displays the following window:

Recovering BitLocker Encryption Keys The software scans the physical memory image file (created while the encrypted disk was mounted) and extracts all the encryption keys for a given volume. 1.Click BitLocker (or press Ctrl+B). This displays the screen shown below:

2.Click Browse and locate the image file of the BitLocker encrypted volume or partition. 3.Click Browse and locate the physical memory image (memory.bin) or the hiberfil.sys file from the computer to which your encrypted volume was mounted. If you do not have this memory image and the target computer is still powered on, click Acquire a memory image and follow the on-screen instructions. Decrypting a TrueCrypt Volume TrueCrypt is a software application that creates virtual hard disks with real-time encryption.The software scans the physical memory image file (created while the encrypted disk was mounted), extracts all the encryption keys, decrypts the given volume, and saves the image of the decrypted volume. To decrypt a TrueCrypt volume, the physical memory image file or hiberfil.sys file from the target system (with the encrypted volume mounted) is required.

Decrypting a PGP WDE Volume Passware Kit decrypts hard disk volumes encrypted with PGP Whole Disk Encryption. The software scans the physical memory image file (created while the encrypted disk was mounted), extracts all the encryption keys, decrypts the given volume, and saves the image of the decrypted volume. To decrypt a PGP volume, the physical memory image file or hiberfil.sys file from the target system (with the encrypted volume mounted) is required. PGP volume images can be created using third-party tools, such as Guidance EnCase, Free EASIS Drive Cloning, or DD.

Password Recovery Details

This section describes the details of password recovery.

1) Password Recovery Complexity:

The Passware Kit supports 180+ file types with the following complexity levels:

Instant Unprotection -- Recovery or Reset of the password is guaranteed and takes less than 1 minute. Brute-force (Fast) -- Recovery of the password requires testing all passwords one by one. Speed is about 1,000,000 passwords per second. Brute-force (Medium) -- Recovery of the password requires testing all passwords one by one. Speed is between 100,000 and 1,000,000 passwords per second. Brute-force (Slow) -- Recovery of the password requires testing all passwords one by one. Speed is less than 100,000 passwords per second. Impossible - for some file types, password recovery is not possible.

When using the brute-force method, the Passware Kit tries to recover the original password by testing all possible combinations. Four attacks are used to recover the original password: Dictionary, Brute-force, Xieve, and Previous Passwords. More information about these types of attacks can be found on the Attack Descriptions page. The speed of the recovery process performed by Brute-force attack is different for different types of files. For example, for MS Word and Excel files it is fast, for RAR archives it is slow.

2) Attack Descriptions
Passware Kit uses eight different password recovery attacks. Dictionary: Dictionary attack tries thousands of words from dictionary files as possible passwords.Dictionary attack allows you to customize the following settings: Brute-force Attack: finds passwords by checking all possible combinations of characters from the specified Symbol Set. This is the slowest, but most thorough, method. Xieve: Xieve optimization dramatically boosts Brute-force attack speed by skipping password checks of nonsensical combinations of characters. It uses a large built-in table of frequences of different combinations of letters.

Known Password/Part:Known Password/Part Attack checks a certain password entered in the "Value" field. There is no need to open a file in order to check whether a certain password is correct.This attack can be combined with other attacks using the Join Attacks option. Previous Passwords:Previous Passwords Attack checks passwords that were previously recovered by other attacks for other files. It automatically saves all passwords found. Decryptum:Decryptum Attack instantly decrypts MS Word and Excel files up to version 2007. It connects to the www.decryptum.com server to generate a free preview or to decrypt files. Encryption Keys Extraction:Encryption Keys Extraction Attack instantly decrypts MS Office 2007-2010 files (Word, Excel, PowerPoint) if there is a memory image of a computer acquired while the file was open. The attack instantly extracts the encryption keys from the memory image or the system hibernation file (hiberfil.sys) and decrypts the file, regardless of the password length. Surezip: SureZip attack decrypts Zip archives created with WinZip version 8.0 and earlier in less than an hour regardless of password used to protect it. At least 5 simultaneously encrypted files are required in order to process the archive. Archives created with WinZip are supported.

3) Attack Modifiers
Attack modifiers enable you to further control the password recovery process by specifying which casing is used, and whether a reverse password should be used. Once you have added a modifier, you should then add an attack to this modifier. Change Casing Modifier This modifier specifies how uppercase and lowercase letters are used in your password. The default is Original. You can add, remove, or change the settings for a particular attack as required, using the Attack Editor. For example, the password "paSsWOrd" can be modified as follows: Original (no modifications): paSsWOrd Normal (first letter capital, the rest are lowercase): Password Toggle (vice-versa to Normal, first letter lowercase, the rest are capital): pASSWORD Upper (all letters capital): PASSWORD Lower (all letters lowercase): password Reverse (vice-versa to Original): PAsSwoRD Mixed (randomize lowercase and capital letters): PaSsWord

Applications
For Home Users You get a free check of how secure your files are. With EA you can also verify that you still have passwords for your important files. If you need to unprotect your file, you do not have to search for an appropriate product - EA does it for you and runs the required password recovery module. Enjoy the easy-to-use explorer-like interface with all the necessary options at hand. For IT Professionals You can easily check if password protection is used properly in your company and manage protected files directly from EA. EA solves a common problem - employees leaving a company without giving a complete list of their passwords. Full system scan usually takes under an hour. Work with EA in the most convenient way: you can scan your systems over the network and work in batch mode with a command line interface. You also get full reports on protected files and detailed log files. For Computer Forensics With EA you get all password recovery and decryption options that are available for the files of the cases you are investigating. Thanks to integration with Passware Kit you can perform password recovery immediately: EA launches the necessary Passware Kit module to recover the password. And, certainly, everything is reported: you receive detailed logs as well as MD5 hash values of protected files. For Developers Encryption Analyzer .NET SDK allows you to use all the features of EA in your applications without extra coding.

Conclusion:
Passware encryption analyser provides Full system scan takes under an hour, Scan remote computers over the network. See all decryption options available for your files, Appropriate password recovery module is launched automatically,Get reports for a caseGet evidence that a files contents remains unchanged,No need for administrative privilegesUse all the features of Encryption Analyzer Professional in your applications.

Reference:

http://www.fileratings.com/Review/Passware_Encryption_Analyzer http://www.lostpassword.com/encryption-analyzer.htm http://www.lostpassword.com/pdf/EncryptionAnalyzer_datasheet.pdf http://www.downloadatlas.com/flexcrypt_encryption/passware-encryptionanalyzer-by-passware-inc.html