Anti-Forensics Techniques: Password Protection in this A password refers to collection of words, letters, numbers, and/or special characters used for security processes such as user authentication or to grant access to a resource. The password ensures that unauthorized users do not access the computer, network resources, or other secured information. In addition, data files and programs may require a password.
Password protection shields information, protects networks, applications, files, documents, etc., from unauthorized users. Many organizations and individuals, who do not want others to access their data, resources and other products, employ passwords and strong cryptographic algorithms as security measures.
Attackers and intruders use these protection techniques to hide evidence data, prevent reverse engineering of applications, hinder information extraction from network devices, and prevent access of system and hard disk. This can make forensic investigators’ work difficult. However, there are tools that recover the passwords. Encryption is one of the preferred techniques for deterring the forensic analysis.
Related Product : Computer Hacking Forensic Investigator | CHFI
Password Types
Passwords are important, because they are the gateway to most computer systems. Computing devices can store and transmit passwords as cleartext, obfuscated, and hashed passwords, of which only hashed passwords need cracking while the other password types can assist in the cracking phase.
1. Cleartext Passwords
- The passwords sent and stored in plaintext without any alteration
- Ex: Windows Registry houses automatic logon password (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon)
- Investigators can use tools such as Cain and Ettercap to sniff cleartext passwords
– The passwords stored or communicated after a more or less transformation
– When transformation is reversible, password becomes unreadable when user applies an algorithm and on application of reverse algorithm, it returns a cleartext
2. Obfuscated Passwords:
- The passwords stored or communicated after a more or less transformation
- When transformation is reversible, password becomes unreadable when user applies an algorithm and on application of reverse algorithm, it returns a cleartext
3. Hashed Passwords:
Hashed passwords seem similar to obfuscated passwords, but the latter are reversible
Note: Only hashed passwords need cracking, while the other password types can assist in the cracking phase
Also Read : Recovering Deleted Partitions
Password Cracker and its Working
Password crackers are the software programs that help investigators or users to recover the passwords stored or transmitted by a system. These are the tools used to identify unknown passwords and forgotten passwords of a network resource or a computer or an application. Unauthorized persons, attackers, and intruders use these tools to access protected resources. Most password-cracking techniques are successful because of weak or easily guessable passwords.
Password crackers identify correct passwords primarily in two methods, namely, dictionary searches and brute force cracking. The brute force method used by password crackers involves running the predetermined length set of characters until it finds a suitable one. The dictionary technique searches for an appropriate word in the dictionary that exactly fits as a password. Password dictionaries include a wide range of topics, such as music groups, movies, politics, etc.
Hybrid password crackers use various combinations of dictionary and brute-force cracking methods, e.g., cat01, cat02, cat03, etc. This type of cracking method is very useful if the owner had set a password with a combination of numbers.
Some password crackers even identify encrypted passwords and decrypt them. At first, these tools identify and retrieve the passwords from a computer memory and redirect to decrypt them. The tools use an algorithm much similar to that a system program had used to create an encrypted password.
To understand working of password crackers, one must be well aware of how password generators work. Password generators mostly use cryptography in their working process.
Cryptography is the study of creating and breaking codes or coded data. Crypto is a Greek word that means something hidden, veiled, obscured, mysterious, or secret. Graph is derivative of the word “graphia,” which means writing. Therefore, cryptography is the art of secret writing. Passwords use mostly encrypted form.
In the above figure, there is a table, or legend, to the left. Below each letter is a corresponding number.
Thus, A = 7, C = 2, and so forth. This is a code of sorts but easy to decode. ROT-13 is a method, which replaces each letter by a substitute letter. Moving 13 letters ahead derives the substitute letter.
This is an ineffective method of encoding or encrypting a message. There are programs that quickly identify this pattern.
Following are the steps involved in password-cracking process:
- Create a word list with a dictionary generator program or dictionaries
- Hash or encrypt the list of dictionary words
- Compare the hashed wordlist against the target hashed password, generally one word at a time
- If it matches, the password crack is successful, and the password cracker displays the unencrypted version of the password
Some password crackers perform this task differently. They send the word list through the encryption process, generally one word at a time. Apply rules to the word and after each such application; they compare each word to the target password (encrypted). If they do not match, the cracker will send the next word through the process. The difference is not academic. The first technique is probably much faster.
It is of some significance that the various password-cracking utilities are not user-friendly. In fact, when executed, some of them forward nothing more than a cryptic message.
Note: Investigators and attackers can obtain the target’s hashed password by sniffing it from a wired or wireless network or directly from the Security Accounts Manager (SAM) or shadow password files on the hard drive of a system.
Questions related to this topic
- Which tool is used to crack the password?
- Are password crackers illegal?
- How do hackers decrypt passwords?
- Is encryption the same as password protected?
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com
