±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 35883
New Yesterday: 3 Visitors: 123

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Stuffit self extracting compressed file - password....

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Andy
Senior Member
 

Stuffit self extracting compressed file - password....

Post Posted: Apr 12, 05 14:38

I need to crack a password/phrase protected 'stuffit' self extracting .exe file, on a Windows XP box. None of my usual stuff (PRTK, etc) will work with it. Any ideas?

Andy  
 
  

gmarshall139
Senior Member
 

Re: Stuffit self extracting compressed file - password....

Post Posted: Apr 12, 05 21:39

Andy,

Were you able to recover any passwords from the registry? Or maybe from the pagefile if you don't find any there. My best chance of success is usually from recovering as many other passwords as I can and just trying those.
_________________
Greg Marshall, EnCE 
 
  

LonelyWolf
Member
 

Re: Stuffit self extracting compressed file - password....

Post Posted: Apr 12, 05 22:07

oh from tha pagefile?

interesting, how someone could retrieve password (and other useful information) from it?
Is there some tool that perform pagefile "parsing" or "interpreation"?  
 
  

gmarshall139
Senior Member
 

Re: Stuffit self extracting compressed file - password....

Post Posted: Apr 12, 05 23:11

Searching the pagefile is really like searching the unallocated space. Data has to be carved out, but you can find a lot there. It can be parsed with any good forensic tool.
_________________
Greg Marshall, EnCE 
 
  

Andy
Senior Member
 

Re: Stuffit self extracting compressed file - password....

Post Posted: Apr 13, 05 00:01

Thanks

Andy  

Last edited by Andy on Aug 01, 05 14:16; edited 3 times in total
 
  

LonelyWolf
Member
 

Re: Stuffit self extracting compressed file - password....

Post Posted: Apr 13, 05 00:46

Hi greg,
this thing of pagefile it's really interesting for me..
but you have to perform the pagefile analysis "offline" or you can do it with os in execution?

Thanks

Lonely Wolf  
 
  

gmarshall139
Senior Member
 

Re: Stuffit self extracting compressed file - password....

Post Posted: Apr 13, 05 13:17

You can't access the pagefile of a live system. I'm speaking of a forensic analysis of a system. You can search it manually for file headers, text, etc. Or use something like FTK's data carving feature or Encase Enscripts.
_________________
Greg Marshall, EnCE 
 

Page 1 of 1