Safeguarding Digital Evidence: Don’t Shut It Down!


In the digital age, where information is a precious commodity and evidence is increasingly stored in virtual realms, preserving digital evidence has become essential to modern investigative practice. However, the importance of proper handling is often overlooked, potentially jeopardizing access to crucial data during an investigation. In this article, we will once again highlight the importance of meticulous preservation techniques and live session analysis to prevent the loss of digital evidence.

Why password recovery is not (always) an answer

Password recovery tools such as Elcomsoft Distributed Password Recovery are commonly used to regain access to encrypted evidence by attacking (and recovering) the original plain-text password. It is important to realize that most data formats are designed specifically to withstand brute-force attacks. In real life, the attack will probably take a long time, and success in breaking the password to an encrypted container by brute force is far from guaranteed. We collected and analyzed information published about some 53 cases involving encryption, and found that encryption was successfully broken in only 10 of them. In other words, we strongly recommend performing other types of analysis (and collecting as much supplementary information as possible) before resorting to password recovery techniques.

For example, the speed at which our tool can try VeraCrypt passwords depends on the key generation function and encryption method used. A speed of around 1,000 passwords per second means that even the simplest password, consisting of only 6 English letters and no numbers, will take 3.5 days to break. A typical 8-character password made up of an unknown mixture of numbers and lowercase and uppercase English letters would take nearly 7,000 years to break by brute force. Even if you were to enhance the attack by employing a distributed network of computers, each equipped with several potent GPU accelerators, we would still be facing years, not days, of persistent attacks. A password more complex than that would leave a brute-force attack no chance.
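The arithmetic behind these figures can be reproduced and extended to the distributed case. The following Python sketch is an added example, not code from Elcomsoft's tools; the 1,000 passwords-per-second rate is the article's approximate figure, and the 30-day deadline used to size the required speed-up is an assumption chosen for illustration.

```python
import string

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

RATE = 1_000          # passwords per second, approximate figure quoted in the article
DEADLINE_DAYS = 30    # assumption: an illustrative deadline, not from the article

LOWER = len(string.ascii_lowercase)                 # 26 symbols
MIXED = len(string.ascii_letters + string.digits)   # 62 symbols


def keyspace(alphabet_size, length, up_to=False):
    """Candidates of exactly `length` characters, or of every length 1..length."""
    if up_to:
        return sum(alphabet_size ** n for n in range(1, length + 1))
    return alphabet_size ** length


def exhaust_seconds(candidates, rate_per_sec):
    """Worst-case time to try every candidate (the average hit comes at half of it)."""
    return candidates / rate_per_sec


def speedup_needed(candidates, rate_per_sec, deadline_days):
    """How many times faster the attack must run to finish within the deadline."""
    return exhaust_seconds(candidates, rate_per_sec) / (deadline_days * SECONDS_PER_DAY)


def report(rate=RATE, deadline_days=DEADLINE_DAYS):
    """Return (label, candidates, days, years, speed-up) for the article's two cases."""
    cases = [
        ("6 lowercase letters", LOWER, 6),
        ("8 mixed-case letters and digits", MIXED, 8),
    ]
    rows = []
    for label, size, length in cases:
        n = keyspace(size, length)
        secs = exhaust_seconds(n, rate)
        rows.append((label, n, secs / SECONDS_PER_DAY, secs / SECONDS_PER_YEAR,
                     speedup_needed(n, rate, deadline_days)))
    return rows


if __name__ == "__main__":
    for label, n, days, years, factor in report():
        print(f"{label}: {n:,} candidates, {days:,.1f} days ({years:,.1f} years); "
              f"needs x{factor:,.0f} speed-up to finish in {DEADLINE_DAYS} days")
```

Under these assumptions the 8-character case needs a speed-up of roughly 84,000 times to be exhausted within 30 days, which is why adding more hardware still leaves years, not days.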
