Passware announced Passware Kit Forensic 11.7, which includes live memory analysis and subsequent decryption of MS Word or Excel 2007-2010 files. In addition, the new version instantly decrypts PGP Whole Disk Encrypted volumes and recovers passwords for Apple disk images.
“Until now, there had been no solution available commercially to crack MS Office 2007-2010 encryption in predictable time. Brute-force attack was the only method available,” said Dmitry Sumin, president, Passware, Inc. “With our focus on live memory analysis, which makes instant recovery of MS Office encryption keys and the ability to use them to decrypt the documents possible, we continue to pioneer decrypting MS Office documents.”
The latest version of Passware Kit Forensic includes live memory acquisition over FireWire and subsequent recovery of a file’s encryption key – regardless of the password length and complexity. This method works if the target MS Word/Excel file was open on a seized computer at the time of its memory acquisition, or when the computer last went into ‘sleep’ mode.
Other memory analysis options provided by Passware include decryption of BitLocker, TrueCrypt, PGP, and Mac FileVault 2 hard disk images, and recovery of Mac user login passwords.
According to Per Thorsheim, organizer of the “Passwords^12” conference in Norway, “With the addition of instant Microsoft Office password recovery to an already impressive range of features, Passware takes a big step in the evolution of forensic tools. Where we previously could not recover passwords from document files with strong encryption, Passware now offers a solution for instant Office file password recovery in many situations. For forensics work, this is without doubt a very useful feature, and is probably the only solution of its kind in the market today.”
Moreover, while these new enhancements may draw concerns from IT security professionals who wonder what effective encryption methods remain, Thorsheim continues, “As security professionals, it is once again time for us all to update our threat analysis, where existing and new configuration options should be considered for safeguarding sensitive and secret information. This applies to both hardware as well as software options, and should be analyzed carefully.”