Vulnerabilities Reported In Mac Encryption Products

Mountain View, Calif. (February 1, 2012) – Passware, Inc., a provider of password recovery, decryption, and electronic evidence discovery software for computer forensics, law enforcement organizations, government agencies and private investigators, announces Passware Kit Forensic v11.3, which builds upon the product’s capabilities to recover Mac OS user login passwords from computer memory (see July 26, 2011 press release) by decrypting Mac hard disks encrypted with FileVault.

Passware emphasizes the importance of Mac forensics (according to the recent statistics on Mac platforms sales) and ability to handling full disk encryption as an essential part of eDiscovery with the latest release of Passware for instant FileVault decryption. The solution includes live target memory acquisition over FireWire and subsequent recovery of a FileVault encryption key. Computer forensics can now easily gain a FileVault encryption key from the target computer memory, which provides full access to the encrypted Mac hard disk. The full process takes no more than 40 minutes – regardless of the length or complexity of the password.

“Full disk encryption is becoming a major obstacle for digital investigations,” said Dmitry Sumin, president, Passware, Inc. “The latest version of Passware Kit Forensic offers multiple approaches to overcoming this problem, such as live memory analysis and extraction of encryption keys for BitLocker, TrueCrypt, and FileVault. This means forensic experts are better armed to approach investigative challenges with an effective and efficient solution that significantly reduces decryption time and thus allows investigators to focus on data analysis.”

Latest Features and Vulnerability Alert to Casual Mac Users

With the release of this feature, Passware also announces that the new Passware Kit Forensic 11.3:

recovers hashed passwords with Rainbow Tables

extracts passwords from encrypted Mac keychain files

builds a password list for its Dictionary attack based on the words detected in a computer memory

Supporting the solution’s ability to decrypt Mac hard disks encrypted with FileVault, other memory analysis options available with Passware Kit Forensic include decryption of TrueCrypt, BitLocker, and recovery of Mac user login passwords.

Having designed the latest features of Passware Kit Forensic for computer forensics, Passware alerts home users of the vulnerabilities of Mac encryption solutions and advises users to shut down their computers especially when working with confidential data. Sumin notes, “Live memory analysis opens up great possibilities to password recovery and decryption. Every user should be aware that even full disk encryption is insecure while the data rests in computer memory.”

Pricing and Availability

Passware Kit Forensic is available directly from Passware and a network of resellers worldwide. The price is $995 with one year of free updates. Additional product information and screen shots are available at http://www.lostpassword.com/kit-forensic.htm.

About Passware Inc.

Founded in 1998, Passware Inc. is the worldwide leading maker of password recovery, decryption, and electronic evidence discovery software. Law enforcement and government agencies, institutions, corporations and private investigators, help desk personnel, and thousands of private consumers rely on Passware software products to ensure data availability in the event of lost passwords. Passware customers include many Fortune 100 companies and various US federal and state agencies, such as IRS, US Army, US Department of Defense (DOD), US Department of Justice, US Department of Homeland Security, US Department of Transportation, US Postal Service, US Secret Service, US Senate, and US Supreme Court.

More information about Passware, Inc. is available at http://www.lostpassword.com/. Passware is a privately held corporation with headquarters in Mountain View, Calif. and a software development and engineering office in Moscow, Russia.