Find
password protected files
This
article reviews the following issues. First of all, to find out whether
the file encryption is really required, one should learn in detail what
is file protection against illegal access, how it can be reached, and
when it may be used. The rest of article considers problems of search of
encrypted or password protected files, note that more complicated
situations are also taken into consideration, when existence of the
encrypted file is still a question, or when a password has been lost.
When
we face password protection problems
All
groups of consumers, from home PC users to professionals, companies'
employees and executives, need to keep some important information being
confidential and inaccessible for outsiders. Furthermore, the larger the
company and the higher position its representative has the heavier loss
may be caused by possible leak of information.
Quite
often the company safety is directly related to a proper data protection
against unauthorized access. Thus it seems reasonable to prevent files
and archives with the most important data from unwanted access in some
way, i.e. to encrypt them. Today the solving of this problem is not a
matter of concern, so this article doesn't consider issues referred to
strength of commonly used encryption algorithms.
But
as soon as the file has been encrypted another problem rears its ugly
head – strange though it may seem, but it is very easy to be lost.
Since in pursuit of confidentiality the users aim to invent cumbersome
passwords, experiment with file names, it's quite usual that the
password or file name has been forgotten. The author by no means appeals
to use primitive passwords, quite the contrary, but the user should know
how to find a necessary file in that case. Here is one more example when
it's necessary to find encrypted files, too, but this time the situation
doesn't seem so unsophisticated.
Assume
that one of the company employees gathers information for a competitor
company, and it makes sense for him to keep the collected data in an
encrypted file. Therefore, the timely revelation of the file provides
security of the company, hence preventing from a potential damage.
Built-in
password protection security mechanisms
Assume
that we need to encrypt some private information (e.g. correspondence,
budget planning, business data, creative ideas, etc.) If possible loss
because of breaching confidentiality has mainly moral aspects it will be
quite enough to use built-in security mechanisms that both most common archives
(e.g. zip) and text editors (e.g. MS Word, Adobe Acrobat) have. In most
cases it's quite enough to select a required option, for example, To
encrypt a file, etc.
While
this way is the most low-expensive it doesn't provide high reliability,
because it is based on use of simple encryption algorithms, the keys of
small size. To provide better security users are recommended to use
lengthy passwords (over 6 symbols), and combine numbers, lowercase and
capital letters.
In
other cases, when importance of keeping data confidential covers
additional costs it may be recommended to use special encryption
software.
Special password security tools
The
fact that a computer operates off-line, first of all including there's
no connection with Internet, limits greatly a range of possible
information security threats. But it's much interesting to examine a
situation, when a computer operates within a local network, perhaps, it
even functions as a multiuser machine. In this case it's better to do
everything required for providing security, to use the strongest
cryptography algorithms, more lengthy key, and it might be as well to
encrypt using several keys, while the keys must be also reliably
encrypted. In the modern encryption algorithms, even with having both
encrypted text and clear text it's quite difficult to determine a key.
The
easiest and, at the same time, quite ingenious way for providing data
security is a renaming of a file. Assume that a violator is aware about
existence of some zip archiver with a data he is interested in. Unlikely
he will search it among files with extension, say, .dat. So, renaming
the file creates additional difficulties for the violator.
Stenography
is one more special method of data protection with the highest
reliability. In this case after cryptographic transformation the data is
hidden within other files, usually audio or graphics ones. Some piece of
the data of these files is replaced by target protected data, when this
replacement is almost invisible. The above case refers to the easiest
method of providing stenographic protection. More complicated methods
require using of special software.
Moreover, for protection of the private information which is stored on
the networked computer, it's highly recommended using of so called PGP
(Pretty Good Privacy) disks. One of the most important advantages of a
PGPdisk application is that it allows to avoid encryption of a large
number of files with confidential information. All confidential files
and even applications may be removed to a such PGP disk, and then you
don't need to decrypt one of the removed files every time when opening
it.
The
PGP disk has an external form of a file with extension pgd, but in a
fact it operates as a logical drive, providing functions of file storage
and access. It may be placed to a floppy disk or to a separate hard
disk. After its removing the disk becomes unavailable for outsiders, and
to open it you need to input a secret sentence which only you know. But
even the unlocked disk is protected against an unauthorized access. Even
if a computer hangs while using the disk its contents will be encrypted.
When the search for password protected is needed
While
usually seeking to keep his data confidential, a user tries to give a
file an unremarkable name, or to hide the file in a complex hierarchy of
subdirectories.
Taking
into account a great deal of various files stored on drives of each
modern computer, no wonder that the user often forgets both name of the
file and its location, that results in additional difficulties in
searching the file. Sometimes the user appears to forget the access
password.
So
for companies with high requirements to confidentiality of information
it seems reasonable to audit all files kept within the company
information system to reveal encrypted ones. Perhaps, unfair employees
gather confidential data in these files. On the other hand, the
protected files may be created by quite fair employees who keep in these
files their constructive plans and ideas. But in this case they easily
could prove their innocence
Searching for encrypted files
Find
Protected was
designed to help finding password protected files on local hard
disk and across a network.
Use
it to find lost sensitive files with password protection and
force password security policy across your company.
Find
Protected home page |
The
developers of such software face a complex task - to recover a password
to the encrypted file that was created providing the highest security
ever possible. But, turning back to security, keep in mind there are no
security tools providing a total reliability. What one can hide the
other one can find. Hence it's quite possible to find out the required
password (in the pursuit of legal purposes, of course), yet it is only a
matter how much time the user has.
There
are some tips for choosing a proper password recover software program.
As a rule, the programs are based on
Here
we consider methods of searching of ordinary encrypted files. This
section refers only to an encrypted, but not hidden file; methods of
searching of renamed and nested files are given below.
To
start with, let's examine the easiest, cheapest, but yet the most
cumbersome way: a user is manually looking for an encrypted file by a
linear search through all files of the certain application stored on the
hard disk. Assume that a very important (and hence encrypted to make it
unavailable for outsiders) MS Word document has been lost.
Furthermore,
the user doesn't remember neither name of the file nor a drive that
stores it, and there are other encrypted files on the hard disk. At
first the user seeks to get a full list of files with extension .doc
stored on his computer using any available search tool, say, the option
Find of MS Windows. Then he has to open one by one all these files till
he finds one that requests password when opening. But it is just any of
the encrypted files, not necessarily the required one. Obviously, this
operation consumes a lot of time. The same procedure is needed to find,
say, an encrypted zip archive, pdf document, or PGP disk, note that the
latter is always protected with a password.
The
following method makes the search much easier due to use of a
computer-aided tool - special software. This software is based on a
similar to the above procedure algorithm of searching of encrypted
files. If the file format allows encryption there is a special flag
within the file which indicates that the file has been encrypted. The
flag value, size and position differ for different file formats. If the
flag is set the file is encrypted. So, by checking the values of this
flag the software program indicates the files with the flag set. As a
result the user gets not a full list of files with the certain extension
but only encrypted ones, that allows to save a lot of time.
Moreover,
the search becomes much easier if there is some additional data, for
example, the user can remember approximate time of his last addressing
to the file or can estimate its size. The file contains this data as
well. So, as a rule, developers of good software seek to include
additional options (search of files by creation date, last modified
date, or last accessed date). The applications may operate within the
search area limited by files in specified size range, or their location.
If the password protected file is hidden
As
it is mentioned above in the first section of the article, a file may be
hidden by means of stenographic techniques, in the simplest case, by
renaming a file, i.e. changing its extension.
The
rename operation is not recorded anywhere in the file. Hence obviously,
that the above searching method is not helpful in this situation.
Nevertheless, though in fact the file extension has been changed and now
it relates to another application the original format remains the same.
This format, its structure, and data organization within the file differ
for different applications. Without going into details when describing
this format, through examining of the file contests it is possible to
find out which application this file related to. This is the algorithm
the special software for searching of renamed files is based on.
The
more complex task is to find out the file that has been hidden by means
of special stenography applications. Available software can reveal only
few schemes and methods. The latest stenographic methods can't be
detected at all. In fact, one who tries to find nested files is always a
step behind one who hides them.
On
the other hand, there are some ways that allow to suspect foreign
nestings in the files on the basis of indirect signs. First of all, it's
very important to competently audit an information system: it looks
suspicious if a user loads the same picture over and over again, and,
more, uses special stenography tools. In some companies the employees
who deal with confidential information are forbidden to access MPEG,
MPEG2, MPEG3, MPEG4 files and have a limited size of mailbox and sites
allowed for downloading.
You
should be also on your guard if the traffic analysis indicates that a
certain image is loaded too often while text is not loaded at all. When
the suspicious file is founded an expert can reveal a nested file by
modification of the image (ripple, color shifting, shade of black and
white, etc.) But all that is in theory. In practice, this analysis is
very difficult to carry out. Then it's necessary to indicate a format of
the nested file, but the further success mainly depends on strength of
the encryption algorithm used.
Search password protected. Summary
-
Search
of encrypted files is aimed, first of all, not to cracking, but just
the opposite – to providing information security of a user.
-
The
user faces a problem of searching of encrypted files when he has
forgotten a file name, location and password, or when the file was
hidden in some way (renamed or nested).
-
There
are two ways to search an encrypted file: manual search through all
files seemed suitable one by one, or using special software. The
second approach is much faster. Computer-aided search is based on
examination of the file contests whether there is special flag
(attribute) of an encrypted file.
-
In
the case the file was renamed, for its search it's necessary to
analyze a file structure which differs for applications with
different formats.
-
In
the case the file was hidden in another file, it’s reasonable to
use special software which allows to detect stenography, or analyses
some indirect signs of nesting presence in the file (it's very
complicated).
-
If
the password is forgotten or lost it may be recovered only using
special software which is developed for different applications, has
optimized search time and can deal with different information
security levels, if necessary.
If the password is lost
Besides
that important confidential information could be lost due to forgetting
a file name or location, i.e. when the file is lost among others stored
on the computer, the troubles can also be related to data decryption.
This is the case when the user forgets the password, or it has been
lost. The file can't be decrypted without the password. But then the
following procedure might be helpful. If the user can remember the
password at least approximately, it's worth an attempt to try it.
Otherwise, there are two ways to deal with the problem: or just let it
be, but unlikely the user accepts this approach, or, better, to take
advantage of computer-aided tools for password recovery.
The
developers of such software face a complex task - to recover a password
to the encrypted file that was created providing the highest security
ever possible. But, turning back to security, keep in mind there are no
security tools providing a total reliability. What one can hide the
other one can find. Hence it's quite possible to find out the required
password (in the pursuit of legal purposes, of course), yet it is only a
matter how much time the user has.
There
are some tips for choosing a proper password recover software program.
As a rule, the programs are based on methods of vocabulary and blind
search plus some additional Know-Hows. So, first of all the user should
take into consideration how much time is spent for password search (the
latest programs can try billions of combinations per minute). But even
so fast search, however, may take a lot of time. In addition, some
programs provide password recovery using a small fragment of original
text. The user certainly can recall at least few sentences contained in
the required file. In most cases the password can be recovered due to
this information. Quite often applications have several security levels,
i.e. several password levels. For example, There are following types of
passwords in MS Office: open document password, changes password,
document password. So it is preferable that the password recovery
software program deals with all password security levels.
Search for password protected. Conclusion.
The article considered crucial issues of providing confidentiality of
some important information and basic troubleshooting related to
confidential files that every user can experience. Nowadays the main
tool for providing security of confidential data (e.g. e-mail,
electronic documentation, data bases, etc.) is file encryption. A file
may be encrypted by means of built-in utilities of applications or using
special software. The file can be also hidden by renaming. Another way
is to hide the file by nesting it in another file of a quite large size
(usually audio or graphics one). The selection of a security tool is
based on the required level of information security: the higher data
confidentiality is, the more advanced software should be used.
When dealing with encrypted files the users may face a lot of
troubles and difficulties. First of all, these problems arise if a user
forgets file identification data, i.e. file name, location and password,
in other words, the important information is lost together with the file
(i.e. its name and location), and then it's necessary to search the lost
file, or the file is unreadable without forgotten or lost password, and
then to decrypt the data there is need to recover the password.
Furthermore, the issues related to search of files hidden by means of
stenography were also taken into consideration. The easiest way to hide
a file is to rename it (i.e. to change its extension). In this case to
find the file (i.e. to find out an application which this file is really
related to) it's necessary to analyze file structure. The more complex
task is to find out the file that has been hidden by means of special
stenography software, i.e. nested in another file. Then there is need to
use special software programs for detecting stenography (the most
effective approach). You can also try to find out the nested data
without special software, but it's very hard to realize, at least, you
need an original file (audio or graphics one) without changes to compare
with.
|