Thumbnail image
August 12, 2021
Digital forensics: A tailored approach to password cracking
Corporations and individuals encrypt to protect their sensitive or personal data because it is effective to do so. Sometimes key evidence will lie undiscovered in its encrypted state. This case study is an example of overcoming encryption and obtaining evidence through careful planning and a meticulous approach to constructing a dictionary tailored to the target.


An individual attended an NHS walk-in centre in order to speak to a physician and they divulged a criminal offence which was reported to the police.  Subsequently a large quantity of digital equipment was seized and sent to the digital forensics laboratory for analysis.  During the analysis a large number of unique zip files were located which were password protected and the suspect was refusing to cooperate with the investigation.  Their contents were therefore of interest to the investigation.


There were 1,017 unique password protected zip files for which the passwords were not known.  Compounding this problem was that the user was an interpreter and therefore was conversational in several foreign languages.  Some passwords that were retrievable from the systems showed the use of Japanese words written in the Latin alphabet.  It would therefore be unlikely that commonly available wordlists would be effective. Whilst some circumstantial evidence had been obtained, gaining access to these containers would prove key.


The large number of zip files had different passwords, therefore the process would need to be automated.  The solution to this problem was therefore as follows;

  • Construct a custom word list specific to the suspect and,
  • Automate the extraction of approximately 1,017 zip files

From the 1,017 unique zip files, all but 39 (96%) of them were successfully extracted.  Within the zip files was a selection of files which proved the offence beyond a reasonable doubt and the suspect entered a guilty plea.

If you have any questions about this case study, please contact our defensive security team.

Sign up to our newsletter to receive the latest updates