13.3 Dealing with Password Protection and Encryption



Palm OS permits users to password protect their device and stores the associated password in encoded form in two places: in the "Unsaved Preferences" database on the device and in a file named "users.dat" on computers that are used to HotSync the device. Also, if a Palm OS device is on, digital evidence examiners can obtain an encoded version of the password via the InfraRed port using the notsync[10] utility on another Palm OS device. Prior to Palm OS 4, these passwords were weakly encoded and could be recovered using palmcrypt as shown here.

    D:\>palmcrypt -d B8791D707A2359435082DA4E599FBE4BEE675CCE541B346C04186C55AE81CDF
    PalmOS Password Codec
    kingpin@atstake.com
    @stake Research Labs
    http://www.atstake.com/research
    August 2000
    0x62 0x69 0x72 0x74 0x68 0x64 0x61 0x79 [birthday]

It is more difficult to recover data from a Palm OS device that is protected with strong encryption using applications like Secret! and CryptoPad. In such cases, it may be possible to recover data in unencrypted form in the device memory or on the computer used to HotSync the device. Alternatively, it may be possible to obtain or guess the password used to encrypt the data. More advanced tools and techniques for obtaining or guessing passwords from PDAs and mobile telephones are described in the Handbook of Computer Crime Investigation, Chapter 11 (Van der Knijff 2001).

[10] http://www.atstake.com/research/tools/password_auditing/




Digital Evidence and Computer Crime, Second Edition
ISBN: 0121631044
EAN: 2147483647
Year: 2003
Pages: 279
