April 17, 2014

ElcomSoft Launches New Software To Crack BlackBerry Device Passwords

(LiveHacking.Com) – ElcomSoft have released a new version of their Phone Password Breaker (EPPB), with the ability to recover passwords protecting BlackBerry phones. Data on a BlackBerry can be protected using a password (known as the device password) which needs to be entered every time the device is switched on, or optionally, after a certain timeout. If the wrong password is entered more than 10 times in a row, all the data on the phone is erased.

It was previously thought that cracking this device password was impossible; ElcomSoft now say that it can be cracked in a matter of hours without any danger to the data on the phone.

However there is a caveat. To work, Media Card encryption needs to be configured and set to either “Security Password” or “Device Password” mode.

ElcomSoft estimates that about 30 per cent of all BlackBerry smartphone users opt to protect their media cards with this option, making their devices open to this attack.

To crack the password EPPB only needs the media card from the device. Using a PC with an Intel i7-970, EPPB can try 1.8 million passwords per second in wordlist mode, and about 5.9 million passwords per second in bruteforce mode.

 

Phone Password Breaker Cracks Open the BlackBerry Password Keeper

(LiveHacking.Com) - ElcomSoft Co. Ltd. has updated its Phone Password Breaker software and added the ability to recover the master password which locks the passwords stored in the BlackBerry Password Keeper app. The new version can also unlock the financial information kept in the BlackBerry Wallet app.

The BlackBerry Password Keeper and Wallet apps allow users to store their passwords and their financial information, like credit card numbers, in a password protected store. To unlock the Password Keeper, users must enter the master password.

Elcomsoft Phone Password Breaker can recover the master passwords for the Password Keeper and Wallet apps, giving forensic investigators full access to stored login credentials and passwords in plain text.

The Elcomsoft Phone Password Breaker lets forensic investigators open a BlackBerry backup and then uses brute force to recover the master passwords, trying hundreds of thousands of passwords per second.

New Version of ElcomSoft iOS Forensic Toolkit Released: Supports iOS Keychain Decryption

(LiveHacking.Com) – ElcomSoft has released a major update of its iOS Forensic Toolkit, an all-in-one toolkit for iOS acquisition on both Windows and Mac.

ElcomSoft iOS Forensic Toolkit performs physical acquisition of encrypted information stored on iOS-based devices. The toolkit gives investigators access to protected file system dumps extracted from iPhone and iPad devices, even if the data has been encrypted by iOS 4.

According to the Elcomsoft blog, the decryption capability is unique and allows investigators to obtain a fully usable image of the device’s file system with the contents of each and every file decrypted and available for analysis.

New Features at a Glance:

  • The ability to decrypt contents of the device keychain
  • The ability to perform logical acquisition of the device
  • Logging of all operations performed within Toolkit
  • Support for iPhone 3G
  • Support for iOS 3.x on compatible devices
  • Support for iOS 4.3.4 (iOS 4.2.9 for iPhone 4 CDMA)

The new version of iOS Forensic Toolkit has the ability to extract and decrypt keychain data from iOS devices running iOS 3.x and 4.x. The keychain is the system-wide store in which sensitive user information is kept in protected form.

Another new feature in this version is the audit trail capability. The toolkit creates a unique log file that keeps track of the activities performed and helps investigators maintain the integrity of their investigation.

More technical information is available at ElcomSoft Blog.

Vulnerability in Nikon’s Image Authentication System

ElcomSoft Co. Ltd., a developer of computer forensics tools, has found a vulnerability in Nikon’s software suite that validates images to ensure that they have not been altered. The vulnerability is in the way the secure image signing key is handled by Nikon’s Image Authentication System. The result is that it is possible to produce manipulated images with a fully valid authentication signature.

ElcomSoft has produced a set of forged images that successfully pass validation with Nikon’s Image Authentication Software. The vulnerability exists in all current Nikon cameras supporting Nikon’s Image Authentication, including Nikon D3X, D3, D700, D300S, D300, D2Xs, D2X, D2Hs, and D200 digital SLRs.

The authenticity of photographic evidence is paramount to everyone, from simple court cases to military operations. Recent history has shown that journalists aren’t immune from doctoring pictures to make a headline. In 2006 Adnan Hajj took a photo in Beirut just after the Israeli bombing. He altered the picture in Photoshop and sent it to Reuters, who then published it. In 2003 Brian Walski, a Los Angeles Times staff reporter, merged two photos together for “greater impact.” He was fired as a result.

Like MD5, it looks like Nikon’s Image Authentication System is a thing of the past.

New Cyber Forensic Investigation and System Integrity Software Released; Secure Hash V1.0 Available Today

Released today, a new Windows application to generate digital signatures and verify system integrity. Essential for cyber forensic investigation and useful as an additional security measure ensuring that your system has not been tampered with.

Secure 1st, the network security and cyber forensic specialists, are pleased to announce the release of Secure Hash V1.0. This new Windows application is designed to generate, store and analyse digital signatures. These digital signatures can then be used during a cyber forensic investigation to ensure the integrity of the investigation.

Secure Hash scans the hard disk (or any storage media) on a Windows PC, calculates the MD5 and SHA1 hashes of the files and builds a list with other vital information such as file size, location, date of creation and date of modification. The resulting list can be used during a cyber forensic investigation. For example, the investigator may use Secure Hash to save the names, locations and hashes of all the files on a PC during the first stage of the investigation, after the PC has been removed from the crime scene. Later, the investigator could use this information in a court of law or in a lab to generate a report and file list to ensure the integrity of the investigation.

Secure Hash also allows for analysis and comparison of the digital signatures. A previously generated list of hashes can be loaded and various filters applied to compare the previous list with the current file states. With filtering, it is easy to discover if any files have been modified, created or deleted as well as finding duplicate files.
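The baseline-and-compare workflow described above, sketched in Python as an added example. It is not Secure Hash's own code; the function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

def hash_file(path, chunk=1 << 20):
    """Return (md5, sha1) hex digests, reading the file in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()

def build_manifest(root):
    """Map relative path -> hashes, size and modification time."""
    manifest = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            st = path.stat()
            md5, sha1 = hash_file(path)
            manifest[str(path.relative_to(root))] = {
                "md5": md5, "sha1": sha1, "size": st.st_size, "mtime": st.st_mtime}
    return manifest

def compare(old, new):
    """Created, deleted and modified paths; modified = either digest differs."""
    key = lambda r: (r["md5"], r["sha1"])
    return {"created": sorted(set(new) - set(old)),
            "deleted": sorted(set(old) - set(new)),
            "modified": sorted(p for p in set(old) & set(new)
                               if key(old[p]) != key(new[p]))}

def duplicates(manifest):
    """Group paths whose content (SHA-1 and size) is identical."""
    groups = defaultdict(list)
    for path, rec in manifest.items():
        groups[(rec["sha1"], rec["size"])].append(path)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def demo():
    """Constructed sample: baseline a temp directory, alter it, compare."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("report.doc", b"original"), ("notes.txt", b"same"), ("copy.txt", b"same")]:
            Path(root, name).write_bytes(data)
        baseline = build_manifest(root)
        Path(root, "report.doc").write_bytes(b"tampered")
        Path(root, "notes.txt").unlink()
        Path(root, "new.exe").write_bytes(b"dropped")
        return compare(baseline, build_manifest(root)), duplicates(baseline)
```

Content changes are detected from the digests alone; size and modification time are recorded for the report but are not trusted as evidence of change, since timestamps can be reset.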

“We are very pleased to announce Secure Hash,” said a company spokesperson. “This is a simple to use but yet powerful tool. It really is an essential application for anyone doing any kind of cyber forensics.”

Secure Hash is 100% compatible with all versions of Microsoft Windows from Windows 95 to Windows 7 including the 64 bit variants.

About Secure 1st

Secure 1st is an information security company which specializes in Computer Forensic Solutions, Computer Forensic Training Services, and Computer Forensic Consultancy Services. Secure 1st helps its clients to develop and maintain an integrated security infrastructure that can prevent and minimize the effect of possible security lapses.

Whodunnit? Tools to manage investigations

As you already know, or will learn your first time in court, proper documentation of your investigation is a must for all your cases. Unfortunately your case plan, notes, evidence and even how you came to the conclusion of your investigation can be more complex and harder to manage than the case itself.

Read the full article here.

Source: [Computerworld]

REMnux: A Linux Distribution for Reverse-Engineering Malware

REMnux is a new Linux distribution based on Ubuntu for assisting malware analysts in reverse-engineering malicious software. REMnux is designed for running services that are useful to emulate within an isolated environment when performing behavioural malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially malicious connections to the REMnux system that’s listening on the appropriate ports.

REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.

It is important to highlight that REMnux is not a set of Windows analysis tools on a Linux platform. The Zero Wine project may help those who are looking for a Windows analysis tool.

You can download the REMnux distribution as a VMware virtual appliance archive and also as an ISO image of a Live CD.

REMnux has been developed by Lenny Zeltser