Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook

[-]
Tags
passware evidence electronic encrypted discovery decryption forensic

tarekma7Promo2day Review Passware Kit Forensic: encrypted electronic evidence discovery and decryption
#1
Passware Kit Forensic: The world leader in encrypted electronic evidence discovery and decryption

[Image: 1ZLUqGY.png]

Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer. The software recognizes 300+ file types and works in batch mode recovering passwords.

[Image: SHckaam.png]
[Image: Bbuzz6W.png]

Homepage

https://www.passware.com/

Product page:

https://www.passware.com/kit-forensic/

Download Free Trial:

Free demo can be downloaded in the website after you enter your email address. The download link will be sent to your email address

System Requirements:


PC platforms (64-bit only): Windows 11/10/8.x, or Microsoft Windows Server 2022/2019/2016/2012
macOS Monterey (12), Big Sur (11), Catalina (10.15), or Mojave (10.14)

Hardware Requirements:

1 GHz processor (2.4 GHz recommended)
4 GB of RAM (8 GB recommended)
1 GB of free hard disk space (more if you use custom dictionaries). For hardware acceleration on some strong file types, it is recommended to have 2 x (RAM + GPUs RAM) of free disk space for paging file.

Limitations of the demo version:

Recovers either the first 3 letters of passwords or passwords containing no more than 3 characters
Allows each of the attacks to run for up to 1 minute
For Windows users, resets a 'Demo12345' password only
For FDE decryption, has limitations on the volume size:
64 MB for VeraCrypt, TrueCrypt, and PGP WDE,
384 MB for FileVault,
512MB for APFS.

The demo version helps you to evaluate the product and check if your files are supported.

Minimum system requirements:

Microsoft Windows Vista, Server 2003/2008/2012, or Windows 7/8.x/10 (64-bit only) installed and configured on your system

1 GHz processor (2.4 GHz recommended)

512 MB of RAM (1 GB recommended)

150 MB of free hard disk space (more if you use custom dictionaries)

Passware software supports PC platforms only. However, it can recover passwords for some FileMaker files created on Macintosh. You can run Passware products on a Virtual PC or Parallels Desktop to unprotect your files. For Windows Key, a Windows Setup CD (32-bit or 64-bit) is required, as well as a burning CD-RW drive in order to record a password reset CD instead of the USB disk.

Current version: 2022.2.0 [Major New Version]

Release date:  Apr. 12, 2022

User Interface:

[Image: d7h4OrP.png]

Tools menu:

[Image: WSFuU06.png]

Help Menu:

[Image: pGqZFhl.png]

Passware Kit Editions:

[Image: OMnyAut.png]
[Image: kMFzezF.png] 

Purchase and SMS subscription:

You can complete your purchase here:

https://www.passware.com/buy-all/

Software Maintenance and Support (SMS)

Protect your Passware investment by ensuring you have constant access to technical support and the latest product enhancements. Renewing your Software Maintenance and Support (SMS) makes certain you have the latest Passware Kit features – we issue four major releases and multiple minor updates each year.

https://www.passware.com/kit-forensic/sms/Pro

SMS Subscription Benefits

Always up to date with automatic software updates

Special offers from Passware partners

Four major releases per yearDownload software anytime

Multiple minor updates and bug fixes

Additional dictionaries

 Automatic updates enabled:

[Image: vCvctfp.png]

New Features:

 

Passware Kit Forensic 2022.2.0 (April. 12, 2022) 

Passware Kit 2022 v2 introduces support for bcrypt (also known as Blowfish), one of the most secure hashing algorithms. The software scans hash lists (TXT files), detects the hash type used and recovers passwords. The following hashing algorithms are supported: bcrypt, MD5, SHA1, SHA256, SHA512, DES, and Windows NTLM/LM.

The new version of the Passware Kit also decrypts QuickBooks 2022 databases, bypasses Windows Hello protectors on Windows 11, recovers passwords from Dashlane browser extension databases and OneNote Revision Store files, and extracts hidden records from iCloud Keychain from macOS Monterey. It also features multiple improvements to the Full Disk Encryption option.

On top of this, Mac version now supports OpenCL GPU acceleration.

New Features include:

Password recovery for bcrypt hash

Passware Kit for Mac with GPU acceleration support

QuickBooks 2022 support

Windows Hello protectors bypass for Windows 11

OneNote Revision Store support

FDE decryption improvements

Password recovery for Dashlane browser extension

Improved iCloud Keychain records extraction

New dictionary: Icelandic

UI improvements

UI improvementshe Performance tab now displays the average password recovery speed.

There is now a Troubleshooting tab in the Options dialog box, which allows for advanced configuration settings and simplifies troubleshooting.

And finally, the new Passware Kit Agent looks great on high-resolution displays.

NEW Features in version 2022.1.0 [Dec. 15, 2021]:

Support for Windows 11

Support for macOS Monterey

GPU-accelerated password recovery for Acronis backups

List of passwords supported by the Known Password attack

Instant LUKS2 decryption via memory analysis

Support for LUKS2 AES-CBC plain encryption

Batch mode improvements

New Passware dictionaries

Hardware Benchmark added to Demo version

Shutdown and Reboot options in the Bootable Memory Imager

“About” box allows copying the product key, version, and product name 

Passware Kit is the fastest decryption tool available,  

This is because it applies all available computational resources for maximum efficiency. Passware Kit uses multiple CPUs, NVIDIA, and AMD GPUs; Decryptum and multiple computers (for both Passware Kit Forensic and Passware Kit Business). GPU (Graphics Processing Unit) cards accelerate password recovery up to 400 times versus CPU-only systems. Passware Kit supports all types of NVIDIA (GTX, Tesla) and AMD GPUs. Up to 12 GPUs are supported per host computer. 

Hardware Acceleration of Password Recovery Attacks (Passwords/second): 

[Image: 9m6H8OS.png] 

Password recovery performance: 

[Image: 5mJLRtG.png] 

[Image: dQwffR6.png]

Features: 

Detect encrypted files and containers 

Find all encrypted or password-protected documents, archives, and other files. Sort by decryption complexity. Passware Kit Forensic detects 300+ file types. 

[Image: k1o9Jtg.png] 

Extract encryption keys and passwords from memory images 

Quickly scan memory images and hibernation files. Extract encryption keys for FileVault2, TrueCrypt, VeraCrypt, and BitLocker for instant decryption of disks and containers. Build password dictionaries or extract account passwords for Windows and Mac. 

[Image: JWjttS3.png]

Use hardware acceleration and distributed password recovery

Increase password recovery speed up to 400 times by using a single GPU (Graphics Processing Unit) card, and up to 12,000 times by using a single Decryptum PR 2080TI-S/12 4U unit. Distribute password recovery tasks over a network of Windows or Linux computers, as well as Amazon EC2, for linear scalability. For even higher performance use Decryptum, our ultra-compact liquid-cooled GPU accelerated devices - world's fastest scalable turn-key decryption solution for password recovery.

[Image: qhwwkm3.png]

Passware Kit Forensic supports 300+ files

Passware Kit Forensic features instant decryption of BitLocker, TrueCrypt, FileVault2, and PGP hard disk images, accelerated password recovery for MS Office documents, and instant recovery of website passwords.

MS Office, PDF, Zip and RAR, QuickBooks, FileMaker, Lotus Notes, Bitcoin wallets, Apple iTunes Backup, Mac OS X Keychain, password managers, and many other popular applications. 

[Image: EVumJZt.png] 

For the full list of file types; check here: 

https://www.passware.com/kit-forensic/filetypes/ 

Network Distributed Password Recovery: Passware Kit Agent: 

[Image: b2DYJVM.png]

Passware Kit Agent is a network distributed password recovery worker for Passware Kit Forensic. It runs on Windows (64-bit only), Linux (64-bit only), and Amazon EC2, and has linear performance scalability. Each computer running Passware Kit Agent simultaneously supports multiple CPUs, GPUs, and TPR accelerators. Passware Kit Forensic comes with 5 agents included with ability to purchase more separately as needed.

Mask attack:

Passware adds a new password recovery method: Mask attack that checks passwords matching a specific pattern. A password mask is a string that displays a position of character candidates in a password.

[Image: aQdXb38.jpg]

The new attack allows users to skip unnecessary character combinations and reduces time spent on brute-force password recovery.

The Mask attack is compatible with hashcat mask files (.hcmask).

Password recovery for iWork 2020 files:

Passware Kit recovers passwords for iWork files: documents created with Pages, Numbers, and Keynote. The new version introduces GPU-accelerated password recovery for the latest iWork 10.2.

New modifier: English – Arabic keyboard layout transliteration

The new version of Passware Kit adds support for English <-> Arabic keyboard layout transliteration to the Substitute Characters modifier, which is applicable to all types of brute-force attacks: Dictionary, Xieve, Brute-force, Previous Passwords, etc.

This makes it possible to recover passwords when an English word is typed in the Arabic keyboard layout and vice versa.

GPU acceleration for NTLM hashes:

Passware Kit now accelerates the recovery of Windows user passwords from NTLM hashes. It features a GPU acceleration on both NVIDIA and AMD cards, providing the average speed of 19 billion (!) passwords per second on an NVIDIA 2080Ti.

Decryptum DPR 2080TI-S/12 4U provides the speed of up to 180 billion passwords per second.

Improved performance for Zip AES password recovery:

GPU acceleration of password recovery for Zip archives is even greater now! Passware Kit 2020 v4 recovers Zip AES passwords 40% faster, reaching the speed of 6 million passwords per second on an NVIDIA 2080ti GPU.

Decryptum DPR 2080TI-S/12 4U is now over 280% faster, processing up to 40 million Zip AES passwords per second.

Password recovery for 7-Zip archives on Linux and Mac

Passware Kit Agent for Linux and Passware Kit Forensic for Mac now support password recovery for 7-Zip archives, in addition to the Windows version of the Passware Kit.

Reports saved as CSV files:

Passware Kit is now able to save password recovery reports as CSV files. This makes it easy to process decryption results using third-party tools. CSV reports include the following information: file path, account name, and password.

How to use Passware:

After Encryption Analyzer has listed the encrypted items, you can sort them according to their decryption complexity by clicking the “Recovery Complexity” column. The files are now sorted from “Instant Unprotection” all the way through to the “Brute-force – Slow” strategy. Now, you can start the password recovery process directly from Encryption Analyzer. Simply; select the files that you want to decrypt and click the “Recover Passwords” button, which initiates a batch password recovery process for each of the files.

[Image: YqCqD7L.gif] 

You can also find images of hard disks encrypted with TrueCrypt, VeraCrypt, PGP, BitLocker, LUKS, etc. All you have to do is to make sure that the option “Scan for encrypted containers and disk images” is enabled 

[Image: 7nLINPu.png] 

The built-in incremental search option can be used to narrow down the set of files to work with. After the analyzer completed  the encrypted evidence, you can find and display files by name, encryption type, or decryption complexity.

[Image: 3HXJx3q.png] 

Full Disk Decryption: 

Passware Kit Forensic decrypt hard disks encrypted with BitLocker, TrueCrypt, VeraCrypt, LUKS, FileVault2, McAfee EPE, DriveCrypt, and PGP. The program scans the physical memory image file  which was acquired while the encrypted disk was mounted, even if the target computer was locked then extracts all the encryption keys, and decrypts the given volume.

Decrypts or recovers passwords for APFS, Apple DMG, BitLocker, Dell, FileVault2, LUKS and LUKS2, McAfee, PGP, Symantec, TrueCrypt, and VeraCrypt disk images. Supports batch processing. Optional Passware Kit Forensic T2 Add-on recovers passwords for Macs equipped with Apple T2 Security Chip. Available for law enforcement and other types of government organizations. 

[Image: yvrtK0X.png] 

Password Recovery Options: 

You can use predefined settings, advanced customized settings or the run wizard and follow simple steps to start the recovery process. The recovery time depends on the password length and complexity 

[Image: WFNxB30.png] 

[Image: G5Io1Ci.png] 

Export and import scan results 

Using the built-in portable USB version, you can check any computer without installation to identify all encrypted items then export the results along with any files relevant to your work computer to perform batch decryption. You can easily save the scan results using the “Copy to Folder” option 

Live Memory Analysis 

[Image: cDG7HZx.png] 

Passware Kit extracts multiple evidence types from memory images and hibernation files in a single streamlined process. The following data can be extracted: encryption keys for BitLocker, TrueCrypt, PGP, FileVault2, and other FDE; passwords for Windows and Mac users; passwords for websites; and many more 

Windows Password Recovery: 

[Image: STq0xj6.png] 

With Passware Kit, you can reset a password for any local or Active Directory Administrator account. All versions of Windows and all Service Packs are supported. All passwords are reset instantly. The process is very easy and completed in two steps. First; create a password reset CD or USB image using windows password button on the main screen and burn it on a disk. Second; reset the password with the bootable CD or USB disk. That’s all! 

Recover passwords for mobile and cloud backups and images: 

The program can easily recover passwords from mobile and cloud backup and images. To start the password-recovery process, click Mobile and cloud on the Start Page, choose either the iPhone Backup or Android Backup option and locate your file. A brute-force password recovery process will start. 

[Image: PiJm10Y.png] 

Recover passwords for websites, email and network connections:

You can use this tool to recover lost passwords from websites, emails and network connections 

[Image: DtwF3Ru.png] 

Recover password from password managers: 

For example; 1password, lastpass, keepass 

[Image: 7nK5pAB.png] 

Standalone system: 

You can use passware to extract passwords of standalone system from external registry files 

Extracting Passwords from the Acquired Windows Registry: 

[Image: vbQLtph.png] 

The Microsoft Windows operating system stores passwords and other login data for the installed applications on a system disk in the user profile directory, as well as in a hierarchical Windows registry database. By acquiring this database from a target system, computer forensics gain a source of invaluable data essential for an investigation.  

An examiner can use a set of external registry hives and user profile files acquired from the target computer or its disk image for password recovery and electronic evidence discovery. 

The “Standalone System” option, which is used to extract logins and passwords, is available in the Forensic edition of the Passware Kit only. 

Transferring a Password Recovery Process to a Different Computer: 

Did you know that Passware Kit can create a snapshot of a password recovery process at any time and resume it on a different computer? 

Running a password recovery attack, especially for multiple files or drives, might be a long process that requires a lot of hardware resources. In some cases, it might be necessary to put an attack on hold to launch a different attack, or to resume the same attack on a more powerful hardware setup with multiple Passware Kit Agents. 

Passwords extraction from Windows systems protected with PIN/Picture password: 

Passware Kit adds support for Windows 10 and 8 standalone systems protected with Windows Hello: PIN or Picture password. It recovers the user PIN or Picture password and extracts passwords and other data from the registry. 

Working with Passware Kit Portable:

This is a very useful tool that will let you find encrypted files and recover lost passwords on other computers without installing the software. The Portable Version can be installed on any removable device, i.e., a USB drive or a CD (USB recommended), and then used directly from this device on a target computer. Passware Kit Portable does not modify settings or files on a target computer (registry records, patched or unprotected files, etc.). The process is very easy. Simply prepare a portable version on a CD or USB disk then run on the target computer 

Program Options: 

General: 

[Image: JqNl5rg.png] 

Folders: 

[Image: HDeaeaE.png] 

Updates: 

[Image: DuniwEr.png] 

Logs: 

[Image: oeRbTZW.png] 

Customer Experience: 

[Image: A3IZM4R.png] 

System Info: 

[Image: Xc99yzO.png] 

Password Exchange:

Password Exchange is a new opt-in service available for Passware Kit Forensic customers. It provides access to the list of passwords found by Passware Kit users worldwide, offering it as an advanced dictionary to improve chances of finding strong passwords. It is also possible to use Password Exchange in air-gapped environments using manual export and import of human-readable text files. You can enable or disable this feature in the program options. The information sent include password found, file type, attack type, time it took to find a password. No other information is sent. 

[Image: ddOxEPt.png] 

[Image: zVHo30U.png] 

Conclusion: 

Passware Kit Forensic Lab is a complete encrypted evidence discovery and password cracking package for a forensic laboratory. It supports 280 file types and is very fast. Passware Kit Forensic comes with 5 agents included. It has many features and tools which will help you to easily decrypt windows, mobile, cloud images and backups. It can also help you to easily recover admin password.

Important Links: 

Homepage 
https://www.passware.com/ 

Product page: 
https://www.passware.com/kit-forensic/ 

Download Free Trial: 
https://www.passware.com/try-free/ 

Training: 
https://www.passware.com/training/ 

Support: 
https://www.passware.com/support/ 

How to decrypt BitLocker using Passware Kit: 
https://support.passware.com/hc/en-us/ar...ssware-Kit 

How to use a Mask Attack 
https://support.passware.com/hc/en-us/ar...ask-Attack
Reply
#2
Thanks a lot for a very exciting review, Tarek!
Thumb
Reply
#3
Nice review.
Thank you.
Reply
#4
[Image: hQWFYfg.png?1]

Passware Kit Mobile Beta

Forensic tool that extracts and decrypts user data from mobile devices.
Passware forensic products are used by the world’s top law-enforcement agencies to crack cases where decryption is required – with a 70 percent success rate.

Passware Kit Mobile
The developing team has worked hard to build the next generation of decryption solutions for mobile devices

The beta version of Passware Kit Mobile supports the decryption of 160+ mobile devices, including Apple iPhones, iPads, and Huawei phones.


Key features:

Bypasses or recovers passcodes
Decrypts application data
Extracts accounts and passwords
Accelerates password recovery on a GPU
Extracts encryption keys from hardware-backed Keystore
Runs on Windows and macOS


Reply
#5
Topic updated with the NEW Version
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Promo2day Review Passware Kit Forensic 9.1 UPDATE: The complete electronic evidence discovery solution tarekma7 20 8,860 02-11-2020 , 01:43 PM
Last Post: ImnotwiththeFBI
  Promo2day Review Passware Kit Forensic 2020 Review tarekma7 2 3,365 02-08-2020 , 08:14 AM
Last Post: phobic
  Passware Kit Forensic tarekma7 11 7,819 05-25-2017 , 01:10 PM
Last Post: Mohammad
  Passware Kit Standard 2016 V.4 asus73 6 3,386 11-11-2016 , 11:07 PM
Last Post: baziroll

Forum Jump:


Users browsing this thread: 1 Guest(s)