Professional Documents
Culture Documents
UserGuide
www.LostPassword.com
Quick Start
Recovering a lost password is easy with the Passware Kit. Simply follow these
basic steps:
1. Launch the Passware Kit application.
2. Click the link on the Start Page that relates to the type of password you
want to recover (file, e-mail and network, or Windows Administrator).
3. Follow the instructions on the screen -- for some types of passwords, such
as file passwords, you have to fill out a few fields; for other types, such as
Outlook Express account passwords, the password recovery process starts
immediately.
4. When the password recovery process is complete, the results are displayed
in the window.
5. You can then save and print the results.
NOTE: At any time when using Passware Recovery Kit, you can click the Start
Page button at the top of the screen to cancel out of what you are doing and
start over.
Important Buttons
Here are a few of the most commonly used buttons.
Takes you to the Start Page (the page that appears
when you launch the application).
Starts the currently selected action, such as a
password attack or search for protected file.
Takes you to the previously displayed page, just as
in an Internet browser.
Takes you to the next page in your browsing
sequence.
Opens this Help file.
Window Arrangement
The main application window is divided into two main parts. The left pane lists
available actions (these vary, depending on what you are doing), and details
about the currently viewed action, if there are any.
The wider, right pane is where you select choices, enter values, and view
password recovery and protected file search results.
At the bottom of the window is a status bar that may contain hints on how to
proceed.
Once the Passware Kit discovers the password for a file, it remembers that
password. If you ever forget the same password, you don't have to run all the
attacks again - simply select the file, and the Passware Kit displays the
password immediately.
If one or more passwords in the original file were reset (changed) or removed
(for example, QuickBooks QBW passwords to open or MS Excel Workbook and
Worksheet passwords), the Passware Kit creates an unprotected file that is
listed in the results of the password recovery process. If the Passware Kit
recovers all original passwords, it doesnt create the unprotected file (for
example, MS Excel passwords to open and MS Access passwords).
What do you want to do?
Use the Password Recovery Wizard - best for users who know
something about their passwords, but are new to password
recovery.
Run the default attacks - best for users who know nothing about
their passwords.
Use the Attack Editor - best for advanced users and who are
decrypting strong passwords.
Learn about reports and log files
Symbols
Non-dictionary, but Similar to a Dictionary Word
Other
numbers)
Sample password: "qw3erty"
11. Xieve Attack (passwords similar to English words, from 10 to 11 letters,
lowercase, level "Low" - checks almost all combinations of letters)
Sample password: "sweetemily"
The Attack Editor window is divided into three parts. On the left, you see
available actions and details. In the middle are the attacks which will be run,
and on the right is an "attack tree" which lists available attacks and attack
modifiers.
Once you have the attacks the way you want them, start the attacks by
clicking the Start button at the top of the window
clicking the Start Recovery button in the bottom right corner of the
Attack Editor window
clicking on the Start Recovery selection in the Actions area of the left
pane.
What do you want to do?
Add an attack
Remove an attack
Rearrange Attacks
Use Attack Modifiers
Reset attack settings to their default values
Save or load attacks
Sort attacks according to duration
In the report, you'll see any recovered passwords. Click on a "copy" link to
copy a password to the Windows Clipboard. For files with instant unprotection,
you can click on a filename to open a protected or unprotected file
Attacks Report
The Passware Kit also reports which attacks it used, how long they took, their
state (such as started, successful, or unsuccessful), and what passwords were
recovered by which attacks. To view this report, click the Attacks tab at the
bottom of the window. A sample Attacks Report is shown below:
Log
A third type of information provided by the Passware Kit is a log that tracks
each attack's start and stop time, and other useful information. To view the
log, click the Log tab at the bottom of the window. A sample Log is shown
below:
How to Start
Select multiple files for decryption using the Recover File Password option
at the Start Page.
You can also initiate password recovery for multiple files from the results of
the Search for Protected Files option. Select the files that you want to
decrypt from the list of encrypted files displayed by Passware Kit. Then click
the Recover button as shown below:
For each group (except for Known Password and Instant groups, for which
the password is recovered instantly regardless of its settings) you can use the
Predefined settings, or customize them in Attack Editor. Click the Save
Settings and Return button to save the changes and return to the list of
files.
While the password recovery is in progress, you can pause, resume, or stop it,
as well as skip attacks, files, or groups.
As a result, Passware Kit displays the passwords recovered, as well as a log
file. A sample result is shown below:
You can enable the option to create unprotected files automatically when a
password is recovered or reset at Tools | Options | Folders. When batch file
processing is complete, unprotected copies of the files will be saved in a single
folder. Supported file types: MS Office, Zip, FileMaker, SQL, MYOB, and
QuickBooks.
2. Click the Start Scan button in the bottom-right corner of the window. This
scans your entire computer system for password-protected files.
A dialog box appears to indicate the scan is complete:
Scan Options
The software offers four options of the scan. Which one you use depends on
what type of password-protected file you are looking for, and how fast you
want the scan to run.
Scan
Option
When to Use
Scan
system
folders
Scan slow
file types
Scan for
encrypted
containers
and disk
images
Use this option if you assume that your system has TrueCrypt
containers and other disk images. There might be false
positives with this option.
Calculate
MD5
Use this option if you need your reports completed with MD5
hash values for each encrypted file detected. Otherwise,
disable it as it slows down the scan speed.
Enable or disable these options in the Scan Options area of the window,
shown below:
The Status Bar, visible along the bottom of the window, gives a summary
of the number of protected items found and the total number of items
scanned.
The Scan Status area summarized the scan status. A sample is shown
here:
NOTE: If you want, you can turn off the Status Bar.
You can temporarily pause or cancel a scan at any time.
You can cancel a scan at any time by clicking the Stop button in the toolbar:
NOTE: Clicking on the Items Skipped line in the Last Scan area displays the
scan log.
What do you want to do?
Work with selected files from the scan results
Customize the appearance of the scan results
Save the file list
Save the scan log
2. Click BitLocker (or press Ctrl+B). This displays the screen shown below:
3. Click Browse and locate the image file of the BitLocker encrypted volume
or partition.
4. Click Browse and locate the physical memory image (memory.bin) or the
hiberfil.sys file from the computer to which your encrypted volume was
mounted. If you do not have this memory image and the target computer
is still powered on, click Acquire a memory image and follow the on-
screen instructions.
NOTE: If the target computer is turned off and the BitLocker volume was
dismounted during the last hibernation, neither the memory image nor the
hiberfil.sys file will contain the encryption keys. Therefore, instant
decryption of the volume is impossible. In this case, switch to The
BitLocker volume is dismounted option, and Passware Kit will assign
Brute-force attacks to recover the password for the volume.
5. Click Next.
This procedure initiates the encryption key recovery process. The recovery
might take several minutes depending on the size of the memory image file.
The results are displayed when the recovery is complete. The figure below
shows a sample result.
2. Click TrueCrypt (or press Ctrl+T). This displays the screen shown below:
3. Click Browse and locate the TrueCrypt volume file or its image file.
4. Click Browse and locate the physical memory image (memory.bin) or the
hiberfil.sys file from the computer to which your encrypted volume was
mounted. If you do not have this memory image and the target computer
is still powered on, click Acquire a memory image and follow the onscreen instructions.
NOTE: If the target computer is turned off and the TrueCrypt volume was
dismounted during the last hibernation, neither the memory image nor the
hiberfil.sys file will contain the encryption keys. Therefore, instant
decryption of the volume is impossible. In this case, switch to The
TrueCrypt volume is dismounted option, and Passware Kit will assign
Brute-force attacks to recover the password for the volume.
5. Click Browse and select the location and name of the destination file (the
image of the decrypted volume).
6. Click Next.
This procedure initiates the decryption process. The decryption might take
several minutes depending on the size of the memory image file. The results
are displayed when the decryption is complete. The figure below shows a
sample result.
2. Click PGP WDE (or press Ctrl+P). This displays the screen shown below:
3. Click Browse and locate the encrypted PGP volume image file.
4. Click Browse and locate the physical memory image (memory.bin) or the
hiberfil.sys file from the computer to which your encrypted volume was
mounted. If you do not have this memory image and the target computer
is still powered on, click Acquire a memory image and follow the onscreen instructions.
NOTE: If the target computer is turned off and the PGP volume was
dismounted during the last hibernation, neither the memory image nor the
hiberfil.sys file will contain the encryption keys. Therefore, instant
decryption of the volume is impossible. In this case, switch to The PGP
disk is dismounted option, and Passware Kit will assign brute-force
attacks to recover the password for the volume.
5. Click Browse and select the location and name of the destination folder
(the folder to save decrypted volume to).
6. Click Next.
This procedure initiates the decryption process. The decryption might take
several minutes depending on the size of the memory image file. The results
are displayed when the decryption is complete. The figure below shows a
sample result.
3. Click Browse... and locate the image of the FileVault2 encrypted volume
or partition.
4. Click Browse... and locate the physical memory image (memory.bin) file
from the computer in which your encrypted volume was mounted. If you
do not have this memory image and the target computer is still powered
on, click Acquire a memory image and follow the on-screen instructions.
NOTE: If the target computer is turned off, the memory image will not
contain the encryption keys. Therefore, instant decryption of the volume is
impossible. In this case, switch to the FileVault volume is dismounted
option, and Passware Kit will assign regular brute-force attacks to recover
the password for the volume.
5. Click Browse... and select the location and name of the destination file
(the image of the decrypted volume).
6. Click Next.
This procedure initiates the decryption process. The decryption might take
several minutes depending on the size of the memory image file. The results
are displayed when the decryption is complete. The figure below shows a
sample result.
4.
5.
6.
7.
8.
Once you have copied the Wipekey file to your computer, run Passware Kit and
follow these steps to recover the password:
1. Click Analyze Memory and Decrypt Hard Disk on the Passware Kit
Start Page. This displays the screen shown below:
3. Click Browse... and locate the image of the FileVault2 encrypted volume
or partition;
4. Click the FileVault volume is dismounted option;
5. Click Browse... and select the location of the Wipekey file as shown
below:
6. Click Next.
Locate the physical memory image (memory.bin) of the target Mac computer.
If you do not have this memory image, follow these steps to acquire it using
Passware Kit:
1. At the Passware Kit Start Page click Analyzing Memory and Decrypting
Hard Disk.
2. Click Passware FireWire Memory Imager.
3. Follow the on-screen instructions.
Once the image is created, follow these steps to recover the password:
1. Click Recover Mac Password (or press Ctrl+M) on the Passware Kit Start
Page.
2. Locate the physical memory image (memory.bin) from the target computer
and click Open.
This procedure initiates the password recovery process, as shown below:
The recovery might take several minutes depending on the size of the memory
image file. The results are displayed when the recovery is complete. The figure
below shows a sample result.
Locate the keychain file (by default this file is named login.keychain) and click
Open.
This displays the following window:
Choose one of the following options for password recovery, depending on the
available information about the password:
Use the Password Recovery Wizard - best for users who know
something about their passwords, but are new to password
recovery.
Run the default attacks - best for users who know nothing about
their passwords.
Use the Attack Editor - best for advanced users and who are
decrypting strong passwords.
This procedure initiates the password recovery process. The results are
displayed when the recovery is complete. The figure below shows a sample
result.
(hiberfil.sys) of the target Windows computer. If you do not have this memory
image, follow these steps to acquire it using Passware Kit:
1. At the Passware Kit Start Page click Analyzing Memory and Decrypting
Hard Disk.
2. Click Passware FireWire Memory Imager.
3. Follow the on-screen instructions.
Once the image is created, follow these steps to recover the password:
1. Click Analyze Memory and Decrypt Hard Disk | Windows User (or
press Ctrl+W) on the Passware Kit Start Page.
2. Locate the physical memory image (memory.bin) or the hibernation file
(hiberfil.sys) from the target computer and click Open.
This procedure initiates the password recovery process, as shown below:
The recovery might take several minutes depending on the size of the memory
image file. The results are displayed when the recovery is complete. The figure
below shows a sample result.
The recovery might take several minutes depending on the size of the memory
image file. The results are displayed when the recovery is complete. The figure
below shows a sample result.
1. Insert a USB flash drive and select it in the Select USB drive pulldown menu. Recommended size of the USB flash drive is 8GB and
more.
2. Click Next.
NOTE: All the files on the USB flash drive will be erased. If you are using
Windows Vista, you may need to run Passware Kit as the Administrator in
order to create a memory-imaging USB drive.
2. The recording process starts. Passware Kit copies the necessary files on the
USB flash drive.
3. The bootable Passware FireWire Memory Imager USB drive is now ready.
Press Next.
5. The memory imaging process starts:
The progress screen displays the time of the imaging process and the size
of the acquired target memory. Upon completion of the process, press
Next.
6. Unplug the FireWire cable, remove the USB flash drive, and press Reboot
to restart your PC.
7. The memory image of the target computer (a memory.bin file) is created
Once you have created the memory image of the target computer, you are
ready to decrypt BitLocker or TrueCrypt volumes using Passware Kit.
4. Choose the backup snapshots you want to download. The latest snapshot is
listed first. By selecting other snapshots you will be able to download all
previous versions of the backup.
5. Choose where to save the backup (make sure you have enough space on
your disk. Passware Kit will display the size of the backup to be
downloaded).
6. Choose the format you want to save the backup in. By default, it is the
"iTunes default format" readable by Apple iTunes. You can also save the
backup in plain readable format, i.e. without iTunes default folders, but as
a plain list of files.
7. Click Next.
8. The acquisition process starts. Passware Kit downloads the necessary
backup files from iCloud to your local computer.
Now that you have acquired the iOS backup from iCloud, you are ready to
analyze it with Oxygen Forensic Passware Analyst or open it with Apple iTunes
to see the device data.
3. Click Next.
NOTE: If you do not have a Windows Setup CD, you can request a
Windows Key .ISO download.
4. Choose what password reset device to create:
8. After Passware Kit creates a password reset ISO image, it prompts you to
insert a blank CD/DVD disk into the CD-ROM drive so that it could burn the
image on this disk. Insert a blank CD/DVD disk into the CD-ROM drive.
Click OK.
Now that you have created the Windows Password Reset CD or USB disk, you
are ready to reset the password on the locked computer.
3. Enter the protection password that you have set while creating the
Windows Password Reset CD\USB disk. Click Next. If you have not set any
password, go to the next step.
4. Select the Windows installation to be unlocked. If there are several
installations, use additional information from the table to choose the one
you need to unlock. Click Next.
9. Remove the Windows Key bootable CD or USB disk to restart your PC.
Run the default attacks - best for users who know nothing about
their passwords.
Use the Attack Editor - best for advanced users and who are
decrypting strong passwords.
This procedure initiates the password recovery process. The results are
displayed when the recovery is complete. The figure below shows a sample
result.
Follow these steps to recover the internet and network passwords for the
standalone system:
1. Click Recover Internet and Network Passwords for a Standalone
System. This displays the following window:
2. Click Browse... and locate the Windows User directory, which is usually
named as Documents and Settings.
3. In the Windows Users list select the account you want to recover the
internet and network passwords for.
4. If the account you selected is protected with a Windows login password,
Passware Kit will ask you to choose one of the two options below. If the
account is not password-protected, click Next and continue to step 6.
If you know a Windows login password for this account, switch to the I
know the password option. Type the known password in this field.
If you do not know a Windows login password for this account, switch
to the I don't know the password option. The recovery process for
the Windows login password will be initiated. Once the password is
recovered, type it in the I know the password field and continue to
the next step.
5. Click Next. This displays the following window:
Once you have dumped the hash file, you are ready to recover the user names
and passwords that it contains.
To get started, display the Passware Kit Start Page, then click the Recover
button, or press Ctrl+O.
Choose one of the following options for password recovery, depending on the
available information about the password:
Use the Password Recovery Wizard - best for users who know
something about their passwords, but are new to password
recovery.
Run the default attacks - best for users who know nothing about
their passwords.
Use the Attack Editor - best for advanced users and who are
decrypting strong passwords.
This procedure initiates the password recovery process. The results (i.e., user
account names and login passwords) are displayed when the recovery is
complete. The figure below shows a sample result.
Choose the folder in which to install the portable version. It can be installed
directly on a removable USB thumb drive. Click OK.
Passware Kit installs its portable version in the specified folder. Once installed,
you can copy this folder onto a CD or USB drive.
4. Choose Open With -> Passware Kit. Passware Kit Forensic will be
launched as a File Viewer and the password recovery process will start
automatically.
5. After the file is decrypted or the password is recovered, you can open the
file directly from Passware Kit Forensic.
The Select a passwords list window appears. Locate your passwords list file
(TXT) and click Open.
Passware Kit processes your file and reports the result as displayed below:
Now you can see if the current settings are appropriate for your list of
passwords and optimize them if necessary!
5. Remove all current attacks by clicking the Remove | Remove All button
in the toolbar.
6. Pick the Rainbow Tables attack from the list on the right and drag it to
the attack list in the middle pane. This displays the screen shown below:
Once you have started the Rainbow Tables attack, you need to add the
Rainbow Tables to it.
2. Click the Add button and locate the .RT files (rainbow tables) from the
connected Decryptum Portable USB disk. Click Ctrl+A to select all files as
shown below:
The decryption process takes less than one minute for each of the files. The
results (i.e., the decrypted files) are displayed when the decryption is
Aplication
File
Extension
Acrobat 3.0
Instant
Recovery /
Brute-force
Recovery - Fast
Acrobat 4.0
Instant
Recovery /
Brute-force
Recovery - Fast
/ Medium
Acrobat 5.0
Instant
Recovery /
Brute-force
Recovery Medium
Acrobat 6.0
Instant
Recovery /
Brute-force
Recovery Medium
Acrobat 7.0
Instant
Recovery /
Brute-force
Recovery Medium
Acrobat 8.0
Instant
Recovery /
Brute-force
Recovery -
Hardware
Acceleration
Medium
Acrobat 9.0
Instant
Recovery /
Brute-force
Recovery - Fast
/ Medium
Acrobat 10.0
Instant
Recovery /
Brute-force
Recovery Slow
Acrobat 11.0
Instant
Recovery /
Brute-force
Recovery Slow
BLB
Instant
Recovery
BLB
Instant
Recovery
BLB
Instant
Recovery
BLB
Instant
Recovery
ADF
Instant
Recovery
ADF
Instant
Recovery
ADF
Instant
Recovery
ADF
Instant
Recovery
ADF
Instant
Recovery
Android Backup
AB
Brute-force
Recovery Slow
Brute-force
Recovery Slow
Android Image
BIN
DMG, DD
Brute-force
Recovery Slow
PLIST
Brute-force
Recovery Slow
BestCrypt 6.0
JBC
Brute-force
Recovery Slow
BestCrypt 7.0
JBC
Brute-force
Recovery Slow
BestCrypt 8.0
JBC
Brute-force
Recovery Slow
FP3
Instant
Recovery
FP3
Instant
Recovery
FP5
Instant
Recovery
FP5
Instant
Removal
FP7
Instant
Removal
FP7
Instant
Removal
FP7
Instant
Removal
FP7
Instant
Removal
FileMaker Pro 11.0
FP7
Instant
Removal
FMP12,
USR
Instant
Removal
Instant
Recovery
ICQ 2000-2003
DAT
Instant
Recovery
ICQ 99a
DAT
Instant
Recovery
ICQ Lite
FB
Instant
Recovery
WK!, WK1,
WK4,
WRC,
WR1,
WR9, 123
Instant
Recovery
ID
Brute-force
Recovery Medium
ID
Brute-force
Recovery Medium
ID
Brute-force
Recovery Medium
ID
Brute-force
Recovery Medium
ORG
Instant
Recovery
OR2
Instant
Recovery
OR3
Instant
Recovery
Lotus Organizer 4.0
OR4
Instant
Recovery
OR5
Instant
Recovery
OR6
Instant
Recovery
LWP
Instant
Recovery
Mac OS / FileVault2
DMG, DD,
IMG, BIN,
E01
Instant
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
Brute-force
Recovery Slow
Mac OS X Keychain
PLIST
Instant
Recovery
(Memory
Analysis) /
Brute-force
Recovery - Fast
PLIST
Instant
Recovery
(Memory
Analysis) /
Brute-force
Recovery Slow
Instant
Recovery
MDB
Instant
Recovery
MS Access 95
MDB
Instant
Recovery
Instant
Recovery
MS Access 97
MDB
MS Access 2000
MDB
Instant
Recovery
MS Access 2002
MDB
Instant
Recovery
MS Access 2003
MDB
Instant
Recovery
MS Access 2007
ACCDB
Brute-force
Recovery Slow
MS Access 2010
ACCDB
Brute-force
Recovery Slow
MS Access 2013
ACCDB
Brute-force
Recovery Slow
MDA
Instant
Recovery
MS Access 97 System
Database
MDW
Instant
Recovery
MDW
Instant
Recovery
MS Access VBA
MDA
Instant
Recovery or
Reset
MS Backup
QIC
Instant
Recovery
MS Excel 4.0
XLS
Instant
Recovery
MS Excel 5.0
XLS
Instant
Recovery
MS Excel 95
XLS
Instant
Recovery
Instant
Recovery or
Removal /
Brute-force
Recovery - Fast
MS Excel 97
XLS
MS Excel 2000
XLS
Instant
Recovery or
Removal /
Brute-force
Recovery - Fast
MS Excel 2002
XLS
Instant
Recovery or
Removal /
Brute-force
Recovery Medium
MS Excel 2003
XLS
Instant
Recovery or
Removal /
Brute-force
Recovery Medium
MS Excel 2007
XLSX,
XLSM
Instant
Recovery or
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
MS Excel 2010
XLSX,
XLSM
Instant
Recovery or
Removal
(Memory
Analysis) /
Brute-force
Recovery -
Slow
Instant
Recovery or
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
MS Excel 2013
XLSX,
XLSM
MS Pocket Excel
PXL
Instant
Recovery
MS Excel VBA
XLA, XLSM
Instant
Recovery or
Reset
Instant
Recovery
Instant
Recovery
Instant
Removal
MS Mail
MMF
Instant
Recovery
MS Money 99 or earlier
MNY
Instant
Recovery
MS Money 2000-2001
MNY
Instant
Recovery
MS Money 2002
MNY
Brute-force
Recovery Medium
MS Money 2003-2004
MNY
Brute-force
Recovery Medium
MS Money 2005-2007
MNY
Brute-force
Recovery Medium
ONE
ONE
ONE
Brute-force
Recovery Slow
ONE
Brute-force
Recovery Slow
MS Outlook
2000/2003/2007/2010/2013
Email Accounts
Brute-force
Recovery Medium
Brute-force
Recovery Slow
Instant
Recovery
MS Outlook
2000/2003/2007/2010/2013
Form Template
OFT
Instant
Recovery
MS Outlook
2000/2003/2007/2010/2013
Personal Storage
PST
Instant
Recovery
MS Outlook Express
Accounts
Instant
Recovery
MS Outlook Express
Identities
Instant
Recovery
MS PowerPoint 2002
PPT
Instant
Recovery or
Removal /
Brute-force
Recovery Medium
MS PowerPoint 2003
PPT
Instant
Recovery or
Removal /
Brute-force
Recovery Medium
MS PowerPoint 2007
PPTX,
PPTM
Instant
Recovery or
Removal /
Brute-force
Recovery Slow
MS PowerPoint 2010
PPTX,
PPTM
Instant
Recovery or
Removal /
Brute-force
Recovery Slow
MS PowerPoint 2013
PPTX,
PPTM
Instant
Recovery or
Removal /
Brute-force
Recovery Slow
MS PowerPoint VBA
PPT, PPTM
Instant
Recovery or
Reset
MS Project 95
MPP
Instant
Recovery
MS Project 98
MPP
Instant
Recovery
MS Project 2000
MPP
Instant
Recovery
MS Project 2002
MPP
Instant
Recovery
MS Project 2003
MPP
Instant
Recovery
MS SQL 2000
MDF
Instant Reset
MS SQL 2005
MDF
Instant Reset
MS SQL 2008
MDF
Instant Reset
MS Windows NT Users /
Instant
Recovery
(Memory
Analysis) or
Removal
Instant
Recovery
(Memory
Analysis) or
Removal
Instant
Recovery
(Memory
Analysis) or
Removal
Instant
Recovery
(Memory
Analysis) or
Removal
MS Windows XP Users /
Secure Boot Option
Instant
Recovery
(Memory
Analysis) or
Removal
Instant
Recovery
(Memory
Analysis) or
Removal
Instant
Recovery
(Memory
Analysis) or
Removal
Instant
Recovery
(Memory
Analysis) or
Removal
MS Windows 2003 SBS
Active Directory
Administrator
Instant
Recovery
(Memory
Analysis) or
Removal
Instant
Recovery
(Memory
Analysis) or
Removal
DD, IMG,
BIN, VHD,
E01
Instant
Recovery
(Memory
Analysis) or
Removal
DD, IMG,
BIN, VHD,
E01
MS Windows 7 Users /
Secure Boot Option
MS Windows 7 / BitLocker
Instant
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
Instant
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
Instant
Recovery
(Memory
Analysis) or
Removal
DD, IMG,
BIN, VHD,
E01
Instant
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
Instant
Recovery
(Memory
Analysis) or
Removal
Instant Reset
DD, IMG,
BIN, VHD,
E01
Instant
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
MS Windows 8 Users /
Secure Boot Option
Instant
Recovery
(Memory
Analysis) or
Removal
Instant Reset
MS Windows 8 - 8.1 /
BitLocker
DD, IMG,
BIN, VHD,
E01
Instant
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
MS Windows NTLM /
LANMAN Hash
Instant
Recovery /
Brute-force
Recovery - Fast
Instant
Recovery
Network Connections
Instant
Recovery
RDP
Instant
Recovery
MS Word 1.0
DOC, DOT
Instant
Recovery
MS Word 2.0
DOC, DOT
Instant
Recovery
MS Word 3.0
DOC, DOT
Instant
Recovery
MS Word 4.0
DOC, DOT
Instant
Recovery
MS Word 5.0
DOC, DOT
Instant
Recovery
MS Word 6.0
DOC, DOT
Instant
Recovery
MS Word 95
DOC, DOT
Instant
Recovery
MS Word 97
DOC, DOT
Instant
Recovery or
Removal /
Brute-force
Recovery - Fast
MS Word 2000
DOC, DOT
Instant
Recovery or
Removal /
Brute-force
Recovery - Fast
MS Word 2002
DOC, DOT
Instant
Recovery or
Removal /
Brute-force
Recovery Medium
MS Word 2003
DOC, DOT
Instant
Recovery or
Removal /
Brute-force
Recovery Medium
MS Word 2007
DOCX,
DOTX,
DOCM
Instant
Recovery or
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
MS Word 2010
DOCX,
DOTX,
DOCM
Instant
Recovery or
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
MS Word 2013
DOCX,
DOTX,
DOCM
Instant
Recovery or
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
MS Word VBA
DOC, DOT,
DOCM,
DOTM
Instant
Recovery or
Reset
PLS, PRM
Instant
Recovery
MYOB 2004
DAT
Instant Reset
MYOB 2005
MYO
Instant Reset
MYOB 2006
MYO
Instant Reset
MYOB 2007
MYO
Instant Reset
MYOB 2008
MYO
Instant Reset
MYOB 2009
MYO
Instant Reset
MYOB 2010
MYO
Instant Reset
Norton Backup
SET
Instant
Recovery
Paradox Database
DB
Instant
Recovery
Peachtree 2002-2006
DAT
Instant
Recovery
Peachtree 2007
DAT
Instant
Recovery
Peachtree 2008
DAT
Instant
Recovery
Peachtree 2010
DAT
Instant
Recovery
Peachtree 2013
DAT
Instant Reset
PGP
Brute-force
Recovery Slow
SKR
Brute-force
Recovery Slow / Medium
PGD
Brute-force
Recovery Slow
EXE
Brute-force
Recovery Slow
PGP WDE
DD, IMG,
BIN, VHD,
E01
Instant
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
GnuPG Private Keyring
GPG
Brute-force
Recovery Slow
Quattro Pro 5 - 6
QPW,
WB1,
WB2, WB3
Instant
Recovery
Quattro Pro 7 - 8
QPW,
WB1,
WB2, WB3
Instant
Recovery
QPW
Instant
Recovery
QBW, QBA
Instant
Recovery
QuickBooks 5.x
QBW, QBA
Instant
Recovery
QBW, QBA
Instant
Recovery
QuickBooks 99
QBW, QBA
Instant
Recovery
QuickBooks 2000
QBW, QBA
Instant
Recovery
QuickBooks 2001
QBW, QBA
Instant
Recovery
QuickBooks 2002
QBW, QBA
Instant
Recovery
QuickBooks 2003
QBW, QBA
Instant
Recovery
QuickBooks 2004
QBW, QBA
Instant
Recovery
QuickBooks 2005
QBW, QBA
Instant
Removal
QuickBooks 2006
QBW, QBA
Instant
Removal
Instant
Removal
QuickBooks 2007
QBW, QBA
QuickBooks 2008
QBW, QBA
Instant
Removal
QuickBooks 2009
QBW, QBA
Instant
Removal
QuickBooks 2010
QBW, QBA
Instant
Removal
QuickBooks 2011
QBW, QBA
Instant
Removal
QuickBooks 2012
QBW, QBA
Instant
Removal
QuickBooks 2013
QBW, QBA
Instant
Removal
QuickBooks 2014
QBW, QBA
Instant
Removal
QuickBooks Backup
QBB
Instant
Removal
Quicken 95/6.0
QDF
Instant
Recovery
Quicken 98
QDF
Instant
Recovery
Quicken 99
QDF
Instant
Recovery
Quicken 2000
QDF
Instant
Recovery
Quicken 2001
QDF
Instant
Recovery
Quicken 2002
QDF
Instant
Recovery
Quicken 2003
QDF
Instant
Removal
Quicken 2004
QDF
Instant
Removal
Quicken 2005
QDF
Instant
Removal
Quicken 2006
QDF
Instant
Removal
Quicken 2007
QDF
Instant
Removal
Quicken 2008
QDF
Brute-force
Recovery Slow
Quicken 2009
QDF
Brute-force
Recovery Slow
Quicken 2010
QDF
Brute-force
Recovery Slow
Quicken 2011
QDF
Brute-force
Recovery Slow
Quicken 2012
QDF
Brute-force
Recovery Slow
Quicken 2013
QDF
Brute-force
Recovery Slow
Quicken 2014
QDF
Brute-force
Recovery Slow
RAR
Brute-force
Recovery Slow
RAR
Brute-force
Recovery Slow
RAR
Brute-force
Recovery Slow
Instant
Recovery
Schedule+ 1.0
CAL
Instant
Recovery
Schedule+ 7.x
SCD
Instant
Recovery
TrueCrypt Non-System
Partition/Volume
DD, IMG,
BIN, VHD,
TC, E01
Instant
Removal /
Brute-force
Recovery Slow
TrueCrypt System
Partition/Volume
DD, IMG,
BIN, VHD,
TC, E01
Instant
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
DD, IMG,
BIN, VHD,
TC, E01
Instant
Removal
(Memory
Analysis) /
Brute-force
Recovery Slow
Safari Websites
Brute-force
Recovery - Fast
/ Slow
WordPerfect 5.x
WPD
Instant
Recovery
WordPerfect 6.0
WPD
Instant
Recovery
WordPerfect 6.1
WPD
Instant
Recovery
WPD
Instant
Recovery
ZIP
Instant
Removal /
Brute-force
Recovery - Fast
Instant
Recovery
ZIP Archive
ZIP
Brute-force
Recovery - Fast
/ Slow
7-Zip Archive
7Z
Brute-force
Recovery Slow
Attack Descriptions
Passware Kit uses eight different password recovery attacks.
Dictionary
Dictionary attack tries thousands of words from dictionary files as possible
passwords.
Brute-force
Brute-force Attack finds passwords by checking all possible combinations of
characters from the specified Symbol Set. This is the slowest, but most
thorough, method.
Xieve
Xieve optimization dramatically boosts Brute-force attack speed by skipping
password checks of nonsensical combinations of characters. It uses a large
built-in table of frequences of different combinations of letters.
Known Password/Part
Known Password/Part Attack checks a certain password entered in the "Value"
field. There is no need to open a file in order to check whether a certain
password is correct.
You can also use unprintable control symbols in your password settings, such
as '\n' (linefeed), '\t' (tab), '\r' (carriage return), and others.
This attack can be combined with other attacks using the Join Attacks option.
For example, if you know your password is a word followed by "1980", use Join
Attacks to combine Dictionary attack and Known Password/Part attack with the
value set to "1980".
Previous Passwords
Previous Passwords Attack checks passwords that were previously recovered
by other attacks for other files. It automatically saves all passwords found.
Decryptum
Decryptum Attack instantly decrypts MS Word and Excel files up to v.2003 in
online mode. It connects to the www.decryptum.com server to generate a free
preview or to decrypt files.
You are required to purchase a Decryptum PIN to save the decrypted file. The
partial preview of the file is free.
Passware Kit Standard, Professional, Enterprise, and Forensic editions already
include a free Decryptum PIN for one or more files.
Learn more about Decryptum Attack...
Decryptum attack is also available offline as Decryptum Portable. Passware's
portable rainbow tables are used by the Rainbow Tables attack and allow
instant offline decryption of MS Word and Excel files of version up to 2003.
Learn more about Decryptum Portable...
To acquire the memory image, you can use Passware FireWire Memory
Imager.
Surezip
SureZip attack decrypts Zip archives created with WinZip version 8.0 and
earlier in less than an hour regardless of password used to protect it. At least
5 simultaneously encrypted files are required in order to process the archive.
Archives created with WinZip are supported.
Zip Plaintext
If there is at least one file from a password protected Zip archive available
unencrypted, Zip Plaintext attack instantly decrypts the whole archive,
regardless of the password length. Archives with WinZip standard encryption
are supported. AES-encrypted archives are not supported by Plaintext attack.
Join Attacks
Join Attacks group applies its attacks to different parts of the password. Set
the whole password length first. Then add attacks to the Join Attacks group for
each part of the password.
Example: for passwords like "green123", set the following Join Attacks group:
Join Attacks
(Password Length: from 8 to 8)
Dictionary Attack: English
(Password Length: from 5 to 5)
+
Brute-force Attack: English
(Password Length: from 3 to 3
Symbol Set: Numbers)
Append Attacks
Append Attacks group runs attacks to check the shortest passwords first, then
runs the same attacks to check increasingly longer passwords.
When Append Attacks group is not enabled, Passware Kit checks all the
passwords of each attack before running the next attack.
Rainbow Tables
Rainbow Tables attack recovers hashed passwords from Windows, MD5,
LANMAN, NTLM, and SHA1 hashes. To calculate a password, it uses a rainbow
table - a precomputed table for reversing cryptographic hash functions.
Rainbow tables are available for download at third-party websites, such as
FreeRainbowTables.com (free) and Rainbow Crack. The attack supports
unpacked non-hybrid .RT tables, .RTI tables converted with rti2rto.exe tool,
and .RTC tables converted with rtc2rt.exe.
The Rainbow Tables attack can also be used to decrypt instantly MS Word and
Excel files up to v.2003. To decrypt the files, the attack requires special
rainbow tables that are available as an additional product by Passware Decryptum Portable.
Attack Modifiers
Attack modifiers enable you to further control the password recovery process
by specifying which casing is used, and whether a reverse password should be
used.
Once you have added a modifier, you should then add an attack to this
modifier.
Hardware Acceleration
Passware Kit accelerates password-recovery processes using hardware.
Multiple CPUs
Passware Kit utilizes multi-core computers efficiently. Password-recovery
speed is increased scalable to the number of CPUs on a computer.
Tableau TACC
Tableau TACC 1441 hardware accelerator helps to speed up the passwordrecovery process by up to 25 times. The device is connected to a computer
through a FireWire port. Passware Kit supports multiple TACC hardware
accelerators connected to a single computer for better performance.
In order for Passware Kit to detect and use your GPU card, the latest driver for
this card model and operating system should be installed. The drivers are
available for download at NVIDIA and AMD websites.
The table below summarizes the accelerated password-recovery speeds for the
most difficult-to-decrypt file types. *
Password
Recovery
Speed on
CPU
(p/s)
Password
Recovery
Speed on
NVIDIA
GPU
(p/s)
Password
Recovery
Speed on
AMD GPU
(p/s)
Password
Recovery
Speed on
TACC
accelerator
(p/s)
File Type
Encryption
/ Hashing
Android
Backup
AES-256 /
SHA-1
1,868
24,654
25,565
7,366
Android
Image
AES-128 /
SHA-1
9,365
120,661
121,296
34,268
Apple
Disk
Image
AES-256 /
SHA-1
16,691
76,542
69,557
24,913
Apple
iTunes
Backup
AES-256 /
SHA-1
1,858
24,488
25,591
6,673
Lotus
Notes ID
AES-256 /
SHA-1
601
83,642
N/A
N/A
Mac
FileVault2
AES-128 /
SHA-256
51
3,703
4,235
N/A
Mac
Keychain
TripleDes /
SHA-1
18,228
181,765
174,655
48,005
Mac OS X
10.8 10.9
Hash
SHA-512
35
635
515
N/A
MS
BitLocker
BitLocker /
SHA-256
168
N/A
N/A
MS Office
2013
AES-256 /
SHA-512
63
1,108
1,230
N/A
MS Office
2010
AES-128 /
SHA-1
699
10,391
10,600
1,922
MS Office
2007
CSP / SHA1
1,412
20,912
20,980
3,804
PGP SDA
Archive
CAST /
SHA-1
10,807
424,275
N/A
56,821
PGP Disk
(PGD)
AES-256 /
SHA-1
1,900
N/A
N/A
15,140
PGP
Private
Keyring
RSA
AES-256 /
SHA-1
666
31,644
N/A
4,699
PGP
Private
Keyring
DSA
AES-256 /
SHA-1
502
23,905
N/A
3,572
PGP WDE
AES-256 /
SHA-1
7,935
301,697
N/A
48,335
PGP Zip
Archive
CAST /
SHA-1
258
13,285
N/A
1,863
RAR 3.x4.x
AES-128 /
SHA-1
579
9,588
9,529
1,751
RAR 5.x
AES-256 /
SHA-256
78
5,619
6,457
N/A
TrueCrypt
System /
RIPEMD160
452
48,411
N/A
N/A
Zip
AES / SHA1
36,092
467,013
451,293
91,288
7-Zip
Archive
AES-256 /
SHA-256
398
4,467
N/A
N/A
*
Settings: Brute-force attack, password length from 5 to 5 characters, English
lowercase letters, English uppercase letters, numbers.
CPU: Intel Core i5-2400 @ 3.10GHz (4 cores)
GPU: NVIDIA GeForce GTX 680 (Kepler)
GPU: AMD Radeon HD 7850 (Pitcairn)
TACC: Tableau TACC1441.
The overall steps in using the distributed password recovery are as follows:
1. Install Passware Kit Agents on multiple computers
2. Run Passware Kit on your computer (Passware Kit Server)
3. Passware Kit Agents detect and connect to Passware Kit automatically, and
password recovery tasks are divided among multiple computers
Add more Passware Kit Agents
At the Settings tab, you can choose between Auto discovery and
Manual connection to Passware Kit:
Now that you have installed Passware Kit Agent, you are ready to recover the
password with Passware Kit.
Status "Running the current attack" means that this Passware Kit Agent is
connected to Passware Kit and is running the current password recovery
task.
4. When the Passware Kit Agent is connected to Passware Kit, it's Settings
tab displays the IP address and port of the Passware Kit Server, and the
Activity tab displays a graph of resources usage:
6. You can adjust the GPU usage during the password recovery process for
efficient performance of your computer by enabling the Use GPU
acceleration only when the user is not active checkbox from the
Tools | Options menu.
Now your password is being recovered using multiple computers
efficiently!
5. Right-click the mouse on the image and select Launch Instance. The
Request Instances Wizard window appears.
6. In the Instance Type field, select Cluster GPU from the pull-down menu.
Click Continue.
7. In the Placement Group field, select Create new placement group...
and type any name for the new group. In the User Data field, type your
own authentication key.
NOTE: By specifying an authentication key, you secure the Instance, so
that no other user can connect to Passware Amazon Agent. Click
Continue.
NOTE: After you finish the password recovery process, stop the
Instance in AWS Management Console. Go to the EC2 tab, click on
Instances in the Navigation pane, and select Stop from the right-click menu
of the running Instance. Sign out from the AWS Management Console.
Now that you have launched the Amazon EC2 Instance, you are ready to
recover the password with Passware Kit.
6. Click OK.
7. Click Recover File Password and select a file to process. At the following
screen, choose one of the three options to specify password settings.
NOTE: After you finish the password recovery process, stop the
Instance in AWS Management Console. Go to the EC2 tab, click on
Instances in the Navigation Pane, and select Stop from the right-click menu
of the running Instance. Sign out from the AWS Management Console.
System Requirements
Microsoft Windows XP, Vista, Server 2003/2008/2012, or Windows 7/8
(32-bit or 64-bit) installed and configured on your system
1 GHz processor (2.4 GHz recommended)
512 MB of RAM (1 GB recommended)
150 MB of free hard disk space (more if you use custom dictionaries)
Passware software supports PC platforms only. However, it can recover
passwords for some files created on Macintosh, such as FileMaker. You can run
Passware products on a Virtual PC or Parallels Desktop to unprotect your files.
For Windows Key, a Windows Setup 32-bit CD is required, as well as a burning
CD-RW drive in order to record a password reset CD instead of the USB disk.
To acquire a physical memory image of the target computer using Passware
FireWire Memory Imager (used to recover BitLocker, TrueCrypt, PGP, MS
Office encryption keys, as well as Windows and Mac user passwords), a
FireWire cable is required. Both the target computer and the computer used
for acquisition should have FireWire (IEEE 1394) ports. A USB flash drive for
Passware FireWire Memory Imager should be 8 GB or more.
System Recommendations
The password calculation process depends to some extent on the processor
speed.
We recommend 1 GB RAM. Larger RAM does not make much difference to the
password calculation process.
Passware Kit supports network distributed password recovery, multi-CPU, and
multi-core systems.
To accelerate a password recovery process, Passware Kit uses both NVIDIA and
ATI GPU cards, as well as Guidance Tableau TACC accelerator.
NOTE: The performance of NVIDIA cards depends on the version of the driver
installed. The maximum password recovery speed on NVIDIA cards is achieved
using driver GeForce 327.23. For AMD cards, we recommend using driver
version 13.152 + OpenCL Driver version 10.0.1268.1.
Cost-efficient hardware: We recommend using Intel Core i5 processor
or similar. The number of cores is more important than its frequency.
To accelerate a password recovery process, use NVIDIA GeForce GTX
(CUDA architecture) and AMD Radeon HD cards. AMD cards are
cheaper than NVIDIA, providing the same or even higher performance.
However, ATI cards are currently supported for password recovery only for
Office 2007-2013 files, RAR and Zip archives, Mac Keychain files, Apple
DMG images, and iTunes backups. Please note that GTX 5XX cards provide
better acceleration than the latest 6XX ones. If you use GPU acceleration,
pay attention to the corresponding cooling system and power supply unit,
depending on the number of GPU cards.
Maximum performance:
Maximum performance can be achieved by using Distributed Password
Recovery. The more Passware Kit Agents you use, the better. We also
recommend using the 64-bit versions of Passware Kit and Passware Kit
Agent.
Recommendations for Passware Kit Server:
Intel Core i7 processor or higher. No GPU. Disable the built-in
Passware Kit Agent.
Recommendations for Passware Kit Agent:
Intel Core i7 processor, with 4 cores or more. Two dual AMD
Radeon HD 7990 cards. Corresponding cooling system.
10
11
12
13
14
15
16
17
18
19
20
21
22
What are the terms of the end user license agreement for Passware
software?
23
Contact Passware
Passware is dedicated to providing the best possible customer care.
What do you want to do?
Learn more about Passware and its products
Contact Customer Support
+1 (650) 472-3716
Fax
+1 (650) 403-0718
Passware Inc.
800 W El Camino Real, Ste 180
Mountain View, CA 94040
USA
Tips
The Online Customer Support is the fastest way to get support. The form is
specifically designed to gather information necessary to handle customer
inquiries most effectively.
You can also contact Passware customer support by:
Email
csupport@lostpassword.com
Fax
+1 (650) 403-0718
Online
http://www.LostPassword.com/support
1. GRANT OF LICENSE
This SLA grants you the following rights:
Applications Software. You may install and use one copy of the SOFTWARE
PRODUCT, or any prior version for the same operating system, on a single
computer. The primary user of the computer on which the SOFTWARE
PRODUCT is installed may make a second copy for his or her exclusive use on
a portable computer.
Storage/Network Use. You may also store or install a copy of the SOFTWARE
PRODUCT on a storage device, such as a network server, used only to install
or run the SOFTWARE PRODUCT on your other computers over an internal
network; however, you must acquire and dedicate a license for each separate
computer on which the SOFTWARE PRODUCT is installed or run from the
storage device. A license for the SOFTWARE PRODUCT may not be shared or
used concurrently on different computers.
License Pack. If you have acquired this SLA in a Passware License Pack, you
may make the number of additional copies of the computer software portion of
the SOFTWARE PRODUCT accordingly to the number of licenses acquired
(stated in receipt), and you may use each copy in the manner specified above.
You are also entitled to make a corresponding number of secondary copies for
portable computer use as specified above.
Demo. If you have acquired this SLA with Passware SOFTWARE PRODUCT
labeled as demo version of another Passware SOFTWARE PRODUCT, you are
granted unlimited number of SLA's, and you may use unlimited number of
copies in the manner specified above.
3. INDEMNIFICATION
You accept full legal responsibility for all password recovery performed through
your use of the SOFTWARE PRODUCT. Password recovery and decryption of
unauthorized or illegally obtained files or media may constitute theft and may
result in your civil and criminal prosecution. You agree to hold harmless and
indemnify Licensor for any and all demands, claims, legal action and damages,
including all attorney's fees and costs, against Licensor which arise out of your
use of the Program.
4. UPGRADES
If the SOFTWARE PRODUCT is labeled as an upgrade, you must be properly
licensed to use a product identified by Passware as being eligible for the
upgrade in order to use the SOFTWARE PRODUCT. A SOFTWARE PRODUCT
labeled as an upgrade replaces and/or supplements the product that formed
the basis for your eligibility for the upgrade. You may use the resulting
upgraded product only in accordance with the terms of this SLA. If the
SOFTWARE PRODUCT is an upgrade of a component of a package of software
programs that you licensed as a single product, the SOFTWARE PRODUCT may
be used and transferred only as part of that single product package and may
not be separated for use on more than one computer.
5. COPYRIGHT
All title and copyrights in and to the SOFTWARE PRODUCT (including but not
limited to any images, photographs, animations, video, audio, music, text, and
"applets" incorporated into the SOFTWARE PRODUCT), the accompanying
printed materials, and any copies of the SOFTWARE PRODUCT are owned by
Passware or its suppliers. The SOFTWARE PRODUCT is protected by copyright
laws and international treaty provisions. Therefore, you must treat the
SOFTWARE PRODUCT like any other copyrighted material except that you may
install the SOFTWARE PRODUCT on a single computer provided you keep the
original solely for backup or archival purposes. You may not copy the printed
materials accompanying the SOFTWARE PRODUCT.
6. DUAL-MEDIA SOFTWARE
You may receive the SOFTWARE PRODUCT in more than one medium.
Regardless of the type or size of medium you receive, you may use only one
medium that is appropriate for your single computer. You may not use or
install the other medium on another computer. You may not loan, rent, lease,
or otherwise transfer the other medium to another user, except as part of the
permanent transfer (as provided above) of the SOFTWARE PRODUCT.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PASSWARE AND
ITS SUPPLIERS DISCLAIM ALL WARRANTIES AND CONDITIONS, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
TITLE, AND NON- INFRINGEMENT, WITH REGARD TO THE SOFTWARE
PRODUCT, AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT
SERVICES.
LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW, IN NO EVENT SHALL PASSWARE OR ITS SUPPLIERS BE
LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL
DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR
LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS
INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE
OF OR INABILITY TO USE THE SOFTWARE PRODUCT OR THE PROVISION OF
OR FAILURE TO PROVIDE SUPPORT SERVICES, EVEN IF PASSWARE HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE,
PASSWARE'S ENTIRE LIABILITY UNDER ANY PROVISION OF THIS SLA SHALL
BE LIMITED TO THE GREATER OF THE AMOUNT ACTUALLY PAID BY YOU FOR
THE SOFTWARE PRODUCT OR U.S.$5.00. BECAUSE SOME STATES AND
JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF
LIABILITY, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
Key Features
All-in-one password recovery for 180+ file types
Integrated Encryption Analyzer Pro scans computers for passwordprotected items
Integrated Search Index Examiner retrieves electronic evidence from a
Windows Desktop Search Database
Resets passwords for Local and Domain Windows Administrators
Instant online decryption of Word/Excel files (up to version 2003)
Multi-core CPUs acceleration
GPU acceleration for MS Office 2007 files
Basic password recovery attacks: Dictionary, Xieve, Brute-force, Known
Password/Part, Previous Passwords
Password modifiers supported (casing, reverse words, etc.)
Combination of attacks for passwords like "strong123password"
Wizard for an easy setup of password recovery attacks
MD5 hash values for forensic reports
What do you want to do?
Quick Start
Recover file password
Recover Internet and network passwords
Create a Windows password reset disk
Search for protected files
Recover hard drive password
NOTE: If you indicated your password was more than one dictionary word, an
intermediate screen appears, asking how long the entire password is, how
many parts there are, and if you know some settings (such as case or known
parts) for each part. After you enter this information, the Dictionary Attack
Settings screen appears for each part.
Complete this screen, and click Finish to display the results of the password
recovery process.
Complete this screen, and click Finish to display the results of the password
recovery process.
Complete this screen and click Finish to display the results of the password
recovery process.
Now click Next. The screen that appears depends on your choice above.
Specifying the Password Structure
If you indicated that part of the password did resemble a dictionary word, the
next screen lets you specify the structure for this part. (If you said no, it did
not resemble an dictionary word, a different screen appears.
You can also indicate that you know some settings for the various parts of the
password, such as length and casing.
Complete this screen and click Next.
NOTE: If you know the total password length, enable check-box "Set the
password length". Otherwise, the program will set the total password length
based on further information about password parts.
NOTE: If you did not select any of the "I know settings..." checkboxes, there is
no "Next" button - simply click Finish.
Specifying the Attack Settings
If you indicated you know settings for any of the parts of the password, this
screen enables you to fine-tune the attack settings (such as specifying a
password length, any known parts, the casing, and whether it can be reversed)
for each part. There is a separate screen for each part for which you know
settings.
Complete this screen, and click Finish to display the results of the password
recovery process.
Specifying the Brute-force Attack Settings
If, earlier, you indicated that no part of the password resembled a dictionary
word, the brute-force attack settings screen appears.
Enter any known parts, and select the appropriate symbol set(s) and casing,
and click Finish to display the results of the password recovery process.
You can also right-click on the attack, then click either Move Up or Move
Down in the resulting popup menu.
A third way to move attacks is by drag-and-drop. Simply select the attack you
want to move, then drag it to its new location in the attack list.
Once you have added the attack modifier to the attack list, you must add a
new attack to go with the modifier.
What do you want to do?
Add an attack
Remove an attack
Rearrange Attacks
Reset attack settings to their default values
Sort attacks according to duration
The Status Bar, visible along the bottom of the window, gives a summary
of the number of protected items found and the total number of items
scanned.
The Scan Status area of the window. A sample is shown here:
NOTE: If you want, you can turn off the Status Bar.
You can temporarily pause or cancel a scan at any time.
If you select Selected Drives and Folders, a list of drives and folders
appears, as shown here:
Use the + icons next to the drives and folders to expand them as necessary;
click each drive or folder you want to scan.
NOTE: Selecting a folder in the list automatically selects all subfolders of that
folder; you can deselect individual subfolders if you want.
NOTE: The settings you choose in the Where to Scan area are saved when
you exit the program, and are in effect the next time you launch the program.
NOTE:You can also drag-and-drop folders into the main window for scanning.
For this type of scan, only the Recommended scan type is used.
If more than one file is selected, the Details section displays how many items
are selected and how much total disk space they occupy.
Now that you have selected the file(s), what do you want to do?
Open a file
Open the folder containing the file
Copy files to another folder
Move files to another folder
Recover password
3. After all the required files are loaded from the bootable CD/USB, Passware
Kit starts working. It displays your license info.
6. Select the account for which you want to reset the password.
7. Passware Kit asks: "Reset 'account_name' password? (Y/N)".
Type Y to reset the password.
Type N to leave the original password.
8. Passware Kit asks: "Reset password for another account? (Y/N)".
Type Y to reset a password for another account.
Type N if you are finished and want to exit Passware Kit.
9. Remove the Passware Kit bootable disk and restart your PC.
Now you are able to log into your computer without a password!
Opening a File
To open a file shown in the scan results file list:
1. Select the file in the list.
2. Click Open in the File menu.
Of course, to open a file, you must know the password that protects the file.
Use the Passware Recover Kit to recover lost passwords.
NOTE: You can use the Make New Folder button in the Browse for Folder
dialog box to create a new folder in which to copy the file(s). The new folder is
named New Folder, and is added to the My Documents folder. Subsequent new
folders are named New Folder (2), and so on.
NOTE: You can use the Make New Folder button in the Browse for Folder
dialog box to create a new folder in which to copy the file(s). The new folder is
named New Folder, and is added to the My Documents folder. Subsequent new
folders are named New Folder (2), and so on.
Click Next.
2. The following screen appears:
Select CD/DVD and specify the CD burning drive from the pull-down list.
Insert a blank CD/DVD disk into the CD-ROM drive. Click Next.
3. The burning process starts.
Passware Password Recovery Kit extracts the ISO image and copies the
necessary files on a CD.
Now that you have created the Windows password reset CD, you are ready to
reset the password on the locked computer.