Detailed Course Outline:
Session 1: Detecting Encrypted files
Types of files and encryption able to be detected
Identifying types of files to decrypt
Saving and loading Encryption Analyzer search results
Session 2: File Password Recovery
Types of files supported
Predefined settings / Wizard
Session 3: Custom dictionary and Keyword lists
Creating custom dictionary and keyword lists
Importing those lists to recover passwords
Password Exchange
Session 4: Types of attacks available in Passware Kit Forensic
Overview of the various types of attacks, and how they work
Applying attacks and customizing attack settings
Session 5: System and GPU Recommendations
- Hardware acceleration
Supported hardware: GPU Nvidia and AMD cards
Supported file types
- Distributed Password Recovery
Network Setup
Windows Agent
Linux Agent
Session 6 and 7: Memory Analysis
Types of encryption-related evidence that could be extracted from a memory image
How to create the memory image
How to use hibernation files
Loading it into Passware Kit Forensic for analysis
Session 8 and 9: Mobile Forensics
Recover password for encrypted backup
Recover passwords from iOS keychain\
Recover password for an Android image
Session 10: Resetting a Windows Admin password
Creating the bootable USB / CD
Booting the machine and resetting the password
Session 11: Standalone System
Recovering passwords from the registry files
Identifying files required to do the analysis
How to obtain the registry filesz
Session 12 and 13: Full Disk Encryption
Types of Full Disk Encryption
Choosing between memory analysis and password recovery
Decrypting various different volumes
Session 14: Completing the Analysis
A review of best practice procedures
Exporting the results and saving the details for a report
Session 15: Batch Recovery & Dictionary Manager
Why use batch recovery
Adding files and creating groups for batch recovery
Sorting by complexity
Attack and timeout settings for batch recovery
Adding, merging and sorting dictionaries
Compiling dictionary from a memory image