±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36595
New Yesterday: 4 Visitors: 110

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

.pgd password

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

mark777
Senior Member
 

.pgd password

Post Posted: Aug 13, 05 03:28

I am doing a course and at the moment have a disk to examine with 8 windows partitions, 2 deleted windows partitions and 1 linux partition. The gentleman (and i use the term in the loosest sense) who set the assignment is a specially devious sort of chap and has renamed and hidden a.pgd encrypted drive on one of the windows partitions. I have tried all ways to find the password for it spending hours searching the file slack, swap file and unallocated and everything else to no avail. Have created text files for dictionary in FTK and the password cracker has been running for 9 days using 6 networked machines and still nothing. I am now looking to see if the password may be hidden in an image file using steganography (God i hope it is) and I was wondering if any one knew of any tools that i could use to check image (or any other file) for stegonography. Any ideas would be gratefully appreciated.
Confused Evil or Very Mad Mad
_________________
Mark 
 
  

andy1500mac
Senior Member
 

Re: .pgd password

Post Posted: Aug 13, 05 04:44

Hi Mark,

There is a hash set available for steg software from I believe the NSRL. I used it a few months back in Winhex and was able to match up against some deleted files from a previous installation of s-tool.

Sorry I don’t have the link, googling steganography hash sets should do the trick.

Pretty hard core if the pwd ends up being hidden using the means you suspect….sounds extreme. What kind of course if I may ask?

Andrew-  
 
  

mark777
Senior Member
 

Re: .pgd password

Post Posted: Aug 13, 05 15:42

Thanks for the pointer. The course I am doing is the PG Cert in Forensic computing at Cranfield university
_________________
Mark 
 
  

femur
Newbie
 

Re: .pgd password

Post Posted: Aug 15, 05 18:52

You can try the demo of this product here:
www.accessdata.com/Pro...erview.htm
Works like a charm for PGP disks (.pgd)
Have Fun!
_________________
If aint broke, don´t fix it! 
 
  

mark777
Senior Member
 

Re: .pgd password

Post Posted: Aug 17, 05 00:11

Thanks for that but it has been running for 6 days with no luck so far
_________________
Mark 
 
  

Brian
Newbie
 

Re: .pgd password

Post Posted: Aug 17, 05 15:19

Hi Mark,
I'm going on the theory that the lecturer wouldn't expect you to have a Cray supercomputer at home trying to brute force a password for xx years.
I'd think I would have missed something and would go back to basics:-
Is it really a pgd file? Is it something else that has been renamed etc to look like a .pgd?

Is there anything in the text of the assignment that gives you a clue as to the password itself? e.g "law enforcement raided Mr Blair's cottage "rosebud" and removed a number of laptops, CD roms and a hard disk labelled 123?" (Use rosebud and 123 as possible passwords)

What have you found so far? These might provide clues.
Was there a hidden encrypted word or excel file (or simple plain word, .jpg, .gif file etc). Use 'strings' on these files.
Is there something embedded in the file that doesn't show up when it is normally displayed on screen e.g. pwd=rosebud etc.

I hope this helps - happy hunting

Best Regards
Brian A Crawford  
 

Page 1 of 1