Cracking passwords in Forensic Investigations: cost implications

Bulland, Vishal Vedprakash
Cusack, Brian
Item type
Degree name
Master of Forensic Information Technology
Journal Title
Journal ISSN
Volume Title
Auckland University of Technology

Digital Forensic Investigators need to forensically analyse digital data in order to investigate various crime cases. Quite often, the investigators come across password protection for the digital data that they need to investigate. Therefore, they need to crack passwords in order to gain access to potential evidence. There exist various problems in the field of password cracking. Due to technological advances in security, it currently takes—and is expected to continue taking—large amounts of time for digital forensic investigators to crack passwords. Due to the large amount of time required to crack passwords, the costs involved in cracking the passwords are also high. There also exists an ambiguity with regards to the outcome of the password-cracking procedure. Thus, there is a risk of the forensic investigator not being able to find the correct password even after spending large amounts of time and money. Apart from the ambiguity of the outcome and large password-cracking times, there also exists uncertainty regarding the amount of time a password may take to crack. While a variety of research in the field of password cracking exists, past studies have mostly concentrated on the underlying password-cracking technology in use. They have not examined the underlying procedures and practices involved in cracking passwords. In order to address the various challenges mentioned above, this research proposes the use of a budgeting model. The budgeting model aims to gain control over the amount of time required to crack a password. This also makes it possible to gain control over password-cracking costs. This research also defines an experimental design to define and test the processes involved using the budgeting model. This research consists of a simulation of 200 hypothetical password-cracking cases, classified in groups or blocks of 50 password cases. The various time budgets for each block of passwords are calculated before the actual password-cracking experiment is performed. The password-cracking experiment is then performed as per the defined processes for a period of seven days. The experiment is also monitored regularly. The actual password-cracking times for all of the passwords are also recorded. The data are then analysed. There are certain variations involved in the processes and results, which have been considered during analysis. The results find that the actual password-cracking times were less than the times allocated by the use of the budgeting model. Therefore, the budgeting model guidelines are demonstrated suitable to be followed as best-practice advice for digital forensic investigators. The results also show that the actual times required to crack the passwords are very near to half of the expected budgeted time. This suggests that, on average, the password-cracking times are half of the required budgeted time. The various research processes carried out are also evaluated in order to add to the existing best-practice knowledge for digital forensic investigators. Based on the findings of this study, the recommended budgeting procedure for digital forensic investigators is also outlined.

Password cracking , Cost of password cracking , Password cracking budget
Publisher's version
Rights statement