acin Acta Infologica 2602-3563 İstanbul Üniversitesi 10.26650/acin.804201 Computer Software Bilgisayar Yazılımı Password Cracking Methods and Techniques in Computer Forensic Investigation Adli Bilişim İncelemelerinde Şifre Kırma Yöntem ve Teknikleri https://orcid.org/0000-0003-3700-4825 Kara İlker ÇANKIRI KARATEKİN ÜNİVERSİTESİ 06 29 2021 5 1 27 38 10 02 2020 02 22 2021 Copyright © 2017, Acta Infologica 2017 Acta Infologica

The unending increase in information systems and data use has triggered the birth of danger to information security. According to recently published reports, apart from military forces and e-commerce websites, ordinary users have begun to use encryption techniques to protect systems and documents. In spite of precautions, smart attacks prepared using a variety of concealing techniques overcome available protection methods and can obtain the passwords and user names of on the target system. Corporate firms and ordinary users commonly use new-generation encryption methods to hide their data. This situation creates large obstacles forto the investigation of computer systems and files which are the subject of forensic events, especially. If a suspect uses a computer system with encrypted files, to obtain evidence, firstly, it is necessary to know these encryptions or to crack them. In this step, if the suspect does not give law enforcement the encryptions willingly, forensic experts attempt to break the encryption with a variety of methods. This process is generally difficult, and in some situations, the encrypted data on the suspect’s system cannot be reached. This study provides two contributions. The first is that a detailed investigation of the most commonly used encryption cracking methods are investigated in detail. Secondly, an example forensic case encrypted with the “BitLocker” data encryption method is investigated and the steps to break the encrypted data are investigated. The results

Bilgi sistemleri ve veri kullanımındaki sonsuz artış, bilgi güvenliğinde tehlikenin doğuşunu tetikledi. Son yayınlanan raporlara göre askeri kuvvetler ve e-ticaret web siteleri dışında sıradan kullanıcılarda sistemleri ve belgelerini korumak için şifreleme teknikleri kullanmaya başlanmışlardır. Alınana tedbirlere rağmen çeşitli gizleme tekniklerini kullanarak hazırlanan akıllı saldırılar mevcut korunma yöntemlerini atlatarak hedef sistemdeki parola ve kullanıcı adlarını ele geçirebilmektedir. Kurumsal firmalar ve sıradan kullanıcılar verilerini gizlemek için yeni nesil şifreleme yöntemlerini yaygın olarak kullanmaktadır. Bu durum özellikle adli olaylara konu olan bilgi sistemleri ve dosyaların incelenmesinde büyük engeller oluşturmaktadır. Eğer şüpheli kişi kullanmış olduğu bilgi sistemi veya dosyalarını şifrelenmiş ise delil elde etmek için önce bu şifrelerin önceden bilinmesi ya da şifrenin kırılması gereklidir. Bu adımda şüpheli kendi rızasıyla parola kolluk kuvvetlerine vermemesi durumunda adli uzmanlar çeşitli yönetmelerle şifreleri kırmaya çalışmakta bu süreç genellikle zor olmakta ve bazı durumlarda şüpheli sistemdeki şifreli verilere ulaşılamamaktadır. Bu çalışma iki katkı sunmaktadır. İlk olarak en çok kullanılan şifre kırma yöntemleri detaylı olarak incelenmiştir. İkincisi, “BitLocker” veri şifreleme yöntemiyle şifrelenmiş örnek bir adli vaka incelenerek şifreli verileri kırılma adımları incelenmiştir. Sonuçlardan şifrelenmiş verilerin erişmek için kullanılan yöntemin etkili olduğunu ve şifrelerin kırıldığı göstermektedir.

 Şifre Kırma Veri Şifreleme Güvenlik Saldırıları Analiz Yöntemleri Password Cracking Data Encryption Security Attacks Analysis Methods Al Fahdi, M., Clarke, N. L., & Furnell, S. M. (2013, August). “Challenges to digital forensics: A survey of researchers & practitioners attitudes and opinions.” In 2013 Information Security for South Africa (pp. 1-8). IEEE. Aggarwal, S., Houshmand, S., & Weir, M. (2018). “New technologies in password cracking techniques.” In Cyber Security: Power and Technology (pp. 179-198). Springer, Cham. Agostini, E., & Bernaschi, M. (2019). “BitCracker: BitLocker meets GPUs”. arXiv preprint arXiv:1901.01337. Beşkirli, A., Özdemir, D., & Beşkirli, M. (2019). “Şifreleme Yöntemleri ve RSA Algoritması Üzerine Bir İnceleme”. Avrupa Bilim ve Teknoloji Dergisi, 284-291. Bhanot, R., Hans, R. (2015). “A review and comparative analysis of various encryption algorithms.” International Journal of Security and Its Applications, 9(4): 289-306. Billet O., Gilbert, H. (2006). “Cryptanalysis of rainbow.” Security and Cryptography for Networks, 4116:336-347. Castelluccia C., Durmuth M., Perito, D. (2012). “Adaptive password-strength meters from Markov models.” Proc. of the Network and Distributed System Security Symposium. Dass, A.S., Prabhu, J. (2020). “Hybrid coherent encryption scheme for multimedia big data management using cryptographic encryption methods.” International Journal of Grid and Utility Computing, 11(4):496-508. Dürmuth, M., Angelstorf, F., Castelluccia, C., Perito, D., & Chaabane, A. (2015, March). “OMEN: Faster password guessing using an ordered markov enumerator”. In International Symposium on Engineering Secure Software and Systems (pp. 119-132). Springer, Cham. Guddeti, P., Dharavath, N. (2020). “Analysis of password protected Document.” COMPUSOFT: An International Journal of Advanced Computer Technology, 9(7): 3762-3767. Harichandran, V. S., Breitinger, F., Baggili, I., & Marrington, A. (2016). “A cyber forensics needs analysis survey: Revisiting the domain’s needs a decade later.” Computers & Security, 57, 1-13. Hassan, N. A. (2019). “Digital Forensics Basics: A Practical Guide Using Windows OS.” Apress. Hellman, M. (1980). “A cryptanalytic time-memory trade-off.” IEEE transactions on Information Theory, 26(4), 401-406. Hitaj, B., Gasti, P., Ateniese, G., & Perez-Cruz, F. (2019, June). “Passgan: A deep learning approach for password guessing.” In International Conference on Applied Cryptography and Network Security (pp. 217-237). Springer, Cham. Hur, U., Park, M., Kim, G., Park, Y., Lee, I., Kim, J. (2019). “Data acquisition methods using backup data decryption of Sony smartphones.” Digital Investigation, 31:200890. Houshmand S., Aggarwal S. (2017). “Using personal information in targeted grammar-based probabilistic password attacks.” In: IFIP International Conference on Digital Forensics. 285-303. Kara, İ. (2019). “Kaba Kuvvet Saldırı Tespiti ve Teknik Analizi.” Sakarya University Journal of Computer and Information Sciences, 2(2): 61-69. Kaya, Ö. F., Öztürk, E. (2017). “Veri ve Ağ Güvenliği İçin Uygulama ve Analiz Çalışmaları.” Istanbul Ticaret Universitesi Fen Bilimleri Dergisi, 16(31): 85-102. Kelley P.G., Komanduri S., Mazurek M.L., Shay R., Vidas, T., Bauer, L., ... Lopez, J. (2012). “Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms.” In 2012 IEEE symposium on security and privacy, 523-537. Kanta, A., Coisel, I., & Scanlon, M. (2020). “A survey exploring open source Intelligence for smarter password cracking.” Forensic Science International: Digital Investigation, 35, 301075. Kumar, S. (2015). “Digital Evidence-Technical Issues.” Advances in Computer Science and Information Technology (ACSIT). 2(11) 42-47. Lillis, D., Becker, B., O’Sullivan, T., & Scanlon, M. (2016). “Current challenges and future research areas for digital forensic investigation.” arXiv preprint arXiv:1604.03850. Lehto, M., & Neittaanmäki, P. (Eds.). (2018). “Cyber Security: Power and Technology” (Vol. 93). Springer. Saračević, M. H., Adamović, S. Z., Miškovic, V. A., Elhoseny, M., Maček, N. D., Selim, M. M., & Shankar, K. (2020). “Data Encryption for Internet of Things Applications Based on Catalan Objects and Two Combinatorial Structures.” IEEE Transactions on Reliability. Oechslin, P. (2003). “Making a faster cryptanalytic time-memory trade-off,” Advances in Cryptology, 617-630. Raza, M., Iqbal, M., Sharif, M., & Haider, W. (2012). “A survey of password attacks and comparative analysis on methods for secure authentication.” World Applied Sciences Journal, 19(4), 439-444. Thing V.L.L., Ying H.M. (2009). “A Novel Time-Memory Tradeoff Method for Password Recovery.” Noorunnisa, N.S., Afreen, D.K.R. (2016). “Review on Honey Encryption Technique.” International Journal of Science and Research, 2319-7064. Madsen W. (1998). “Encryption debate rages again.” Network Security, 5: 8-9. Milo, F., Bernaschi, M., & Bisson, M. (2011). “A fast, GPU based, dictionary attack to OpenPGP secret keyrings.” Journal of Systems and Software, 84(12), 2088-2096. Thakur, S., Singh, A.K., Ghrera, S.P., Elhoseny, M. (2019). “Multi-layer security of medical data through watermarking and chaotic encryption for telehealth applications.” Multimedia tools and Applications, 78(3):3457-3470. Narayanan A., Shmatikov V. (2005). “Fast dictionary attacks on passwords using time-space tradeoff,” Proc. of the 12th ACM Conference on Computer and Communications Security, 2005. Zhang Y., Monrose F., Reiter M.K. (2010). “The security of modern password expiration: An algorithmic framework and empirical analysis.” In Proceedings of the 17th ACM conference on Computer and communications security, 176-186. Wang, X. J., Liao, X. F., & Huang, H. Y. (2013). “Improvement of rainbow table technology based on number cutting of reduction function.” Comput. Eng, 7, 36. Weir M.S., B. Aggarwal de Medeiros., Glodek B. (2009). “Password cracking using probabilistic context-free grammars,” Proc. of the 30th IEEE Symposium on Security and Privacy, 391-405. Weir M., Aggarwal S., Collins M., Stern, H. (2010). “Testing metrics for password creation policies by attacking large sets of revealed passwords.” In Proceedings of the 17th ACM conference on Computer and communications security, 162-175.