n0fate
commented
9 years ago If your target isn't live and you don't know password, you can't decrypt user keychain. But you can decrypt a system keychain and extract WiFi SSID/password and SMB user/password information if you have disk dump.
trusktr
...and I don't have the suspect's password, and the system isn't live (it's just a disk dump)?
Will this tool have any chance of breaking the keychain? Could you give more detail on how?