hello all,
got a forensic password recovery question... i promise that this IS REALLY A CLASS ASSIGNMENT and i'm not doing anything nefarious lol ;~)
we role-play in class and go through all the steps of a forensic examination / investigation, from getting a warrant or permission from the company, to photographing the scene, interviewing witnesses, writing reports etc. etc. etc.
anyway, for this assignment we were hired by xxx company to do a forensic examination on a particular employee's machine. human resources is already involved, and the company's IT dept thinks that this particular workstation has been compromised...
among the 35k + files on the image, there are three (3) encrypted files, problem is they were encrypted using AES-256 bit encryption...
a known-plaintext attack doesn't seem to work, although i may not have the correct plaintext. but i'm sure that i have the correct compression scheme used to compress the files (PKZIP 9.0).
i exported a word list from the image, and have been running a dictionary attack against it using PRTK for about 18 hours now. so far no luck...
i have attached a copy of the file for you all to try if you would like and i would like to make it clear that if you DO crack the encryption i don't just want the answer. what i would like is some hints to point me in the right direction...
best regards,
gabrielelohim

Attachment: hardfile[19090][19090].zip