Ethical Password Hacking in E-Discovery

During the course of analyzing electronic evidence in an investigation or in litigation, you will inevitably be faced with password-protected files for which the password is unavailable. You may need to ethically hack password-protected files using hacker-like software tools.

Given the evolving, intrusive nature of e-discovery and electronic investigations, it will likely become more commonplace for employees, executives, and investigation targets to attempt to gain some "perceived" preemptive privacy by password-protecting electronic files.

For example, in a trade secrets case you may find a suspicious password-protected PDF file attached to an email in the Outlook "sent box" of a top research scientist employee, and that scientist is no longer around or cooperative. Access to the contents of the “locked” PDF file may be crucial to determine if the employee sent the competitor trade secrets.

In another, more benign example, a top executive may have misplaced login information to a key Windows server hosting a document production in a pending litigation. Ethically hacking the “locked” Windows server to gain access to the stored files can save a huge amount of time and money in the document production process.

Needless to say, investigators and attorneys should be careful to fully evaluate lawfulness in the given context before deciding to “crack” the password to a target file or operating system. There are numerous state and federal laws which may prohibit unauthorized access to files and systems including, but not limited to, the Federal Computer Fraud and Abuse Act, the Federal ECPA, and state privacy, anti-spyware, and anti-hacking statutes like California's Consumer Protection Against Computer Spyware Act.

You may need to use brute force, dictionary attack, or “common vulnerability” techniques to crack the password of a target file or system and gain access to its contents.

Here is a shocker for many non-tech lawyers and investigators: most of the popular file format and operating system passwords can be hacked in minutes using techniques like “brute force” or “dictionary attacks,” among others. Indeed, researcher Philippe Oechslin developed a brute force cryptanalytic technique so optimized that he was able to hack Microsoft Windows password hashes in about 13.6 seconds.

Common vulnerability access to password-protected files is both a recognized method of ethical hacking and a national security risk. For that reason, the Department of Homeland Security National Cyber Security Division has created the National Vulnerability Database, where you can query a large number of cyber security vulnerabilities for appropriate purposes.

Unless you have a lot of time on your hands, if you need to gain lawful access to a password-protected data file or system you will be better served by an existing “ethical hacking” software tool, which usually contains sufficient heuristics, from years of research, to determine an optimized method of cracking the password to a given file format or system.

The Elcomsoft Password Recovery Bundle is a comprehensive software package that allows authorized users and investigators to crack password protection and gain access to a large number of common business software file formats and operating systems including:

  • Windows NT/2000/XP/2003 user-level security: advanced audit and recovery
  • Windows PWL files, RAS/dial-up/VPN passwords, SYSKEY startup password, cached credentials, shared resources, Windows/Office CD keys, asterisk fields
  • Windows 2000/XP/2003/Vista Encrypting File System
  • Microsoft software: Word, Excel, Access, Outlook, Outlook Express, Internet Explorer, PowerPoint, OneNote, Project, Visio, VBA, Money, Mail, Schedule+, Microsoft Word and Excel
  • Compression utilities (archives): ZIP/PkZip/WinZip, RAR/WinRAR, ACE/WinACE, ARJ/WinArj
  • Corel WordPerfect Office: WordPerfect, QuattroPro, Paradox; WordPerfect Lightning
  • Adobe Acrobat (PDF)
  • ACT! (Symantec / Best Software / Sage)
  • Lotus SmartSuite (Organizer, WordPro, 1-2-3 and Approach)
  • E-mail clients (Microsoft Internet Mail And News, Eudora, TheBat!, Netscape Navigator/Communicator Mail, Pegasus mail, Calypso mail, Opera and others)
  • Instant Messengers (ICQ, ICQLite, Yahoo!, AOL IM, Windows Live Messenger, Google Talk, Excite Messenger, Trillian and many others)
  • Intuit Quicken, Quicken Lawyer and QuickBooks

If you are involved in electronic discovery and investigations, you should consider adding password cracking software to your electronic toolkit to gain lawful and responsible access to files and to gather key evidence needed for your cases.

Reader Comments (1)

We call it "Password Recovery" to avoid all the negative connotations of "hacking" & "cracking"!

April 21, 2007 | Unregistered Commenter Jerry