search

sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/
2.41k stars 597 forks source link

Extract password protected ZIP fils #510

Closed bcarrier closed 5 years ago

bcarrier commented 10 years ago

From: Michael Brown general.bison@gmail.com Subject: [sleuthkit-users] Providing a password for protected archives in Autopsy 3 Date: February 28, 2014 3:02:41 PM EST To: sleuthkit-users@lists.sourceforge.net

Hi all,

Whenever I run the archive extraction ingest module in Autopsy 3 I get the following error when a protected archive is encountered:

"No password was provided for opening protected archive."

How exactly do I provide passwords for protected archives? In Encase it's just a matter of right clicking on the file in table view, I can't seem to find any way to provide Autopsy 3 with a password to use for encrypted archive files.

Anyone have any advice?

kefir- commented 9 years ago

A couple of ideas I'd like to add here:

  1. Collecting all the password protected zip-files in an easy to find location could make handling of these easier, and the investigator is probably more likely to notice them. Referring to the picture at http://www.sleuthkit.org/autopsy/images/v3/overview.png, perhaps under Results -> Extracted content -> Password protected files?
  2. Some encrypted archives show the original file names of all the compressed files in clear text, only encrypting the actual data contents of the files. The file names themselves can be of great interest to the investigator, so they ought to be shown if they are there.
bcarrier commented 5 years ago

This was included in the 4.7.0 release.