Anything related to computer forensics (new section!)
August 17th, 2015, 10:14
All encrypted files have file header 0x01 D6 EB F8 at offset 0.
Anyone know what utility/program that have been used to creating the files? It is very old around, 2001-2005.
August 17th, 2015, 10:49
is there any other hints at all? what were the files encrypted for, backup, security? personal or enterprise? I assume windows system?
anything stored with the encrypted files as a hint?
have you tried to see if it is some kind of archive format, like just right click with 7-zip and say extract here..
many times some clue will tip you off to at least where to look for the util used.
August 17th, 2015, 14:16
Yes, unknown for 7-zip etc.
Windows system. Personal office files and other files. Same header for them all and they looks very similar "inside".
After the header info, the original file name follows and after that all is encrypted. Client remember the password but not the application used.
August 17th, 2015, 15:36
what's the files extension ?
August 17th, 2015, 17:00
jermy wrote:what's the files extension ?
Some original extension and some original.enc (file.doc.enc for example)
August 18th, 2015, 7:35
Thanks for trying to help, but the files is not uuencoded or some of the other suggestions by the above sites.
August 18th, 2015, 8:59
Did you try trID (
http://mark0.net/soft-trid-e.html) or something like that on a file ?
August 18th, 2015, 17:13
Cobian Backup software also uses .enc on encrypted files.
It was a common software to do backups around here (some still use it now).
August 19th, 2015, 7:20
pclab wrote:Cobian Backup software also uses .enc on encrypted files.
It was a common software to do backups around here (some still use it now).
No luck yet. The client thinks that it was a single click encrypt/password protect for every file. Could have been a plugin for the old office suite or open office.
August 19th, 2015, 9:05
If the client is a business, it is possible there may be documentation/licences for the software tucked away in an office draw. Also if they have any old systems, there may be a util still there. Also any old employees may remember.
This sort of thing sounds like a silly problem, but amazing how often you hear it.
here is another example:
I worked in a railyard and there was a weighbridge there to weigh shipping containers(we call them boxes) and trucks. truck would come in with a box on, weigh the whole thing.. truck goes out without box and weigh it again. take 2nd weight from first and you had the weight of the box.
The weighbridge electronics and operating system was written, designed and installed by a guy that passed away, and no electronic company could work out the problems with it. in the end they filed the whole lot in and built a new one.
August 19th, 2015, 17:41
HaQue, good points! I'll do some checking.
Powered by phpBB © phpBB Group.