Cracking Passwords in Forensic Investigations - Scholarly ...
Cracking Passwords in Forensic Investigations - Scholarly ...
Cracking Passwords in Forensic Investigations - Scholarly ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
v) Customise rules and dictionaries: PRTK and DNA allow users to create or<br />
import custom dictionaries. It is also possible to create biographical<br />
dictionaries that allow you to enter the suspect‘s biographical<br />
<strong>in</strong>formation to aid <strong>in</strong> password recovery. PRTK and DNA also<br />
ma<strong>in</strong>ta<strong>in</strong> a golden dictionary that conta<strong>in</strong>s previously recovered<br />
passwords. They also support creation and customisation of password<br />
recovery rules, or modifications that can be made to dictionary<br />
keywords to be used for guess<strong>in</strong>g passwords. For example, it is<br />
possible to add any prefixes or postfixes and to choose any variations<br />
<strong>in</strong> character sets to customise password recovery.<br />
vi) Use add-ons: PRTK and DNA support various add-on products. These<br />
add-ons <strong>in</strong>clude ra<strong>in</strong>bow tables and Portable Office Ra<strong>in</strong>bow Tables<br />
released by AccessData Corp. PRTK and DNA also support Tableau<br />
TACC1441 Hardware accelerator (TACC). The use of TACC reduces<br />
dictionary-based password recovery times. Thus, it is possible to<br />
<strong>in</strong>crease speed and accuracy with the use of various add-ons.<br />
2.4 COSTING PASSWORD CRACKING<br />
There exist a variety of problems for digital forensic <strong>in</strong>vestigators when apply<strong>in</strong>g<br />
any particular password crack<strong>in</strong>g technique. One of these problems is estimation<br />
of the time taken to complete the crack<strong>in</strong>g. As a result, it is a problem to estimate<br />
the cost of such an <strong>in</strong>vestigation. This section describes cost<strong>in</strong>g for password<br />
crack<strong>in</strong>g and also discusses the importance of estimat<strong>in</strong>g costs for the purpose of<br />
password crack<strong>in</strong>g <strong>in</strong> forensic <strong>in</strong>vestigations.<br />
2.4.2 Cost<strong>in</strong>g<br />
Cost<strong>in</strong>g, or cost account<strong>in</strong>g, means the ―establishment of budgets, standard costs<br />
and actual costs of operations, processes, activities or products; and the analysis of<br />
variances, profitability, or the social use of funds‖ (Lucey, 2002, p.1). This<br />
subsection def<strong>in</strong>es full cost and the two types of full costs, namely direct costs and<br />
<strong>in</strong>direct costs.<br />
2.4.2.1 Full Cost<br />
21