Hi
This Question is Like Old Wine in New Bottle.
Every DR professional come across Encrypted MSOFFICE / ZIP /RAR and OUTLOOK files.
Almost all commercial softwares employ either Dictonary or Brute Force attack which is Ok if password is limited to 5-6 characters (Even this lenghth is painful if password contains special characters).
Its Practically impossible to recover password ( more than 9 characters) from MSoffice 2003 files which employs RC4 algorithm (128 Bit) using brute force , as even a fastest computer will take ages for it.
Acessdata Portable Office Rainbow Tables is a comprehensive suite which can decrypt ms office files but it is whooping $2495 , so is out of reach of average person.
Does anyone know how microsoft Encrypts documents? if we could open file in hex editor and know the location where password is stored we can reset it.
I am interested to know how Tally v7.2 / Tally v9 ( an indian accounting software ) keeps its password. If anyone knows it pls pm me.

Thanks and Regards
Hddbug

Hi,

the PWD is not stored in the file that's for sure. Encoding and decoding requests the PWD from the user, so that's not an option...

pepe

_________________
Adatmentés - Data recovery

Hi
Thanks PEPE ,
Yes we can get password from users , in Forensic Analysis or in lot of cases where users forgot password we need to manually recover it. We got lot of cases where employees delibrately lock files before leaving organisation and customer forwards such jobs for password recovery.
Lot of companies do online password recovery within minutes , i think they must be knowing how to reset password. If anyone has done reverse engineering probabaly he will be able to shade light on the subject.
Thanks and Regards
Hddbug

To accelerate process of password recovery Password recovery PODS are available .

http://www.tableau.com/index.php?pageid ... l=TACC1441
Thanks
Hddbug

Hi hddbug,

There is a flaw in zip compression in winzip 9 I think. Those passwords are easy to get. Then you can get the rest since most people use the same or similar passowrds for everything. We have AccessData PRTK if you need help.

A

Hi acforensics

Thanks a lot . Yes i will get back to you for any help.
Best Regards
hddbug