Cracking Passwords in Forensic Investigations - Scholarly ...

More documents

Recommendations

Info

x 5.3.1.2 Second step-Find password cracking speed ................................ 94 5.3.1.3 Third step-Use budgeting model formula to estimate time budget .............................................................................. 95 5.3.1.4 Fourth step-Allocate computational resources for cracking ....... 96 5.4 Conclusion .................................................................................................................. 96 Chapter 6 - Conclusion 6.0 Research Summary ..................................................................................................... 98 6.1 Summary of Findings .................................................................................................. 99 6.2 Answers to Research Questions ................................................................................ 101 6.3 Conclusion and Future Research .............................................................................. 103 References ................................................................................................................. 105 APPENDIX 1: Time Budget calculation of all blocks ....................... 110 APPENDIX 2: Password files used for cracking ................................. 119 APPENDIX 3: Password cracking reports generated by Distributed Network Attack ................................. 133 APPENDIX 4: Time analysis for all blocks ............................................ 188
xi List of Tables Table 2.1: The Modular Crypt Format .............................................................................. 11 Table 2.2: Example of costs associated with password cracking ..................................... 22 Table 2.3: Comparison of character space, length, key space and maximum time taken to crack a password ............................................................................................................... 23 Table 2.4: Key areas of research ....................................................................................... 25 Table 3.1: Example of password and profile to be used in the sample for main experiment ..................................................................................... 49 Table 3.2: Format of Monitoring/Action Performed Log ................................................. 50 Table 4.1: Configuration of computers in test environment ............................................. 57 Table 4.2: Example of Block#1 entries from data creation spreadsheet ........................... 59 Table 4.3: Time budget for all the blocks ......................................................................... 59 Table 4.4: Monitoring / Action performed Log of experiment ......................................... 64 Table 4.5: First 10 account’s password cracking times for block 1 .................................. 67 Table 4.6: First 10 account’s password cracking times for block 2 .................................. 68 Table 4.7: First 10 account’s password cracking times for block 3 .................................. 69 Table 4.8: First 10 account’s password cracking times for block 4 .................................. 71 Table 4.9: The actual time and the budgeted time for each block .................................... 72 Table 5.1: Testing Hypothesis H0 .................................................................................... 84 Table 5.2: Testing Hypothesis H1 .................................................................................... 86 Table 5.3: Testing Hypothesis H2 .................................................................................... 87 Table 6.1: Time budgets for all the blocks ..................................................................... 102 Table 6.2: The actual time and the budgeted time for each block .................................. 103 Table 6.3: Research Questions and the respective Research Answers ........................... 104 Table 6.4: Hypotheses test results ................................................................................... 105
Page 1 and 2: Cracking Passwords in Forensic Inve
Page 3 and 4: iii Acknowledgements This thesis wa
Page 5 and 6: v Abstract Digital Forensic Investi
Page 7 and 8: vii Table of Contents Declaration .
Page 9: ix Chapter 4 - Research Findings 4.
Page 13 and 14: xiii List of Abbreviations AMD Adva
Page 15 and 16: 1.1 PROBLEMS FOR DIGITAL FORENSIC I
Page 17 and 18: approach improves the password crac
Page 19 and 20: technologies, there exist challenge
Page 21 and 22: 2.1 PASSWORDS AND PASSWORD RECOVERY
Page 23 and 24: 2.1.2 Unix/Linux MD5 Password Schem
Page 25 and 26: encrypting the information within s
Page 27 and 28: iii) If possible, create a custom d
Page 29 and 30: Since all possible permutations and
Page 31 and 32: L0phtCrack 6 supports the retrieval
Page 33 and 34: i) Decryption attack: As discussed
Page 35 and 36: Full cost refers to the total amoun
Page 37 and 38: As shown in Table 2.3, a password w
Page 39 and 40: 5) Weir, Aggarwal, Medeiros, and Gl
Page 41 and 42: the speed of cracking and the attac
Page 43 and 44: is inevitable) but rather the optim
Page 45 and 46: Klein (1990) addressed the most com
Page 47 and 48: character hashing. Thus, for passwo
Page 49 and 50: experiments were conducted by gener
Page 51 and 52: obtained via phishing attacks on th
Page 53 and 54: Bengtsson (2007) outlined a literat
Page 55 and 56: applications whose passwords need t
Page 57 and 58: equired for computing and testing.
Page 59 and 60: 3.2.3 The Research Questions and Hy
Page 61 and 62:
main experiment, which is the next
Page 63 and 64:
12,500 x 8 = 100,000 passwords/seco
Page 65 and 66:
3.3.5 Data Map Figure 3.2: Research
Page 67 and 68:
4.0 INTRODUCTION Chapter 4 Research
Page 69 and 70:
4.1.2 Time Budgeting The time budge
Page 71 and 72:
Another computer with the same conf
Page 73 and 74:
minutes, and 24.8 days respectively
Page 75 and 76:
vishal@vishal-desktop:~$ sudo addus
Page 77 and 78:
Table 4.4: Monitoring/action-perfor
Page 79 and 80:
4.3 ANALYSIS OF DATA The experiment
Page 81 and 82:
Table 4.6: First 10 accounts’ pas
Page 83 and 84:
DD:HH:MM:SS format, similar to the
Page 85 and 86:
4.4 PRESENTATION OF DATA FINDING Af
Page 87 and 88:
Figure 4.8 shows the time taken for
Page 89 and 90:
Figure 4.11 displays the comparison
Page 91 and 92:
5.0 INTRODUCTION Chapter 5 Research
Page 93 and 94:
Thus, the simulation mirrored the f
Page 95 and 96:
Table 5.1: Testing hypothesis H0 Hy
Page 97 and 98:
Table 5.3: Testing hypothesis H2 Hy
Page 99 and 100:
Q3: What are the guidelines for bes
Page 101 and 102:
Since the passwords were arranged i
Page 103 and 104:
Analysis (see Section 3.2.3). All f
Page 105 and 106:
information for forensic investigat
Page 107 and 108:
5.3.1.2 Second Step - Find Password
Page 109 and 110:
Therefore, T (in seconds) = 12,500,
Page 111 and 112:
6.0 RESEARCH SUMMARY Chapter 6 Conc
Page 113 and 114:
udgets, the passwords were added to
Page 115 and 116:
SECONDARY RESEARCH QUESTION 3: What
Page 117 and 118:
overcome the security barriers of p
Page 119 and 120:
Clayton, R., & Bond, M. (2003). Exp
Page 121 and 122:
Openwall Project. (2010). John the
Page 123 and 124:
APPENDIX 1: Time Budget Calculation
Page 125 and 126:
51 Bas -2-38 TOTAL TIME REQUIRED FO
Page 127 and 128:
96 Bas -2-27 97 Bas -2-28 98 Bas -2
Page 129 and 130:
140 Adv -1-26 141 Bas -3-07 142 Adv
Page 131 and 132:
182 Adv -1-21 183 Adv -1-22 Diction
Page 133 and 134:
main12:$1$CSD0Tppt$0gO4c883evmn9sQR
Page 135 and 136:
main41.txt: main41:$1$B43.jKTn$5EPi
Page 137 and 138:
main70.txt: main70:$1$7kHK0PnH$yJ5x
Page 139 and 140:
main99:$1$UQiTB..u$SJUkwarkM1kzvnvt
Page 141 and 142:
main128.txt: main128:$1$n7OEbAyB$d6
Page 143 and 144:
main157.txt: main157:$1$VRmaYxPu$Iy
Page 145 and 146:
main186:$1$HFNaeUkb$t1lZ5QcrH9iy8G/
Page 147 and 148:
SHA 1: a168282ad70a94fbb8d5917f3505
Page 149 and 150:
C:\Main Test\MainTest-passwdFiles\B
Page 151 and 152:
Job Started: 7/13/10 8:49:24 File M
Page 153 and 154:
File Modified: 7/13/10 6:58:08 SHA
Page 155 and 156:
File Version: Unknown Job Started:
Page 157 and 158:
SHA 1: b95b12e95c70b66df01af148502e
Page 159 and 160:
File Size: 60 File Version: Unknown
Page 161 and 162:
Job Status: Finished on 7/13/10 8:5
Page 163 and 164:
Identified Type: *nix passwd File S
Page 165 and 166:
Password Type: Password Where Found
Page 167 and 168:
Job Status: Finished on 7/13/10 10:
Page 169 and 170:
Page 171 and 172:
MD5: df7c66c8b6b8528176d42314926021
Page 173 and 174:
Result: trapezoidal@ Description: U
Page 175 and 176:
Where Found: (ADV-1-20) Dictionary
Page 177 and 178:
Password Type: Password Where Found
Page 179 and 180:
Where Found: (BAS-3-04) Dictionary
Page 181 and 182:
Commonly Registered Type: crypt use
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Where Found: --- C:\Main Test\MainT
Page 189 and 190:
MD5: 17632fca93fa27bb8d0a89c80a2ba9
Page 191 and 192:
Description: Unknown Password Type:
Page 193 and 194:
Page 195 and 196:
File Version: Unknown Job Started:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
APPENDIX 4: Time Analysis for all B
Page 203 and 204:
main60 main61 main62 main63 main64
Page 205 and 206:
main127 main128 main129 main130 mai
Page 207:
main192 main193 main194 main195 mai
show all

Cracking Passwords in Forensic Investigations - Scholarly ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?