Software

Below are the various Mac tools I have made to help out forensic analysts. They are free for use.

UPDATE 2016: I am not planning on updating these for OS X Sierra.


crowbarDMG

crowbarDMG is a dictionary attack tool for DMG and sparseimage files for Macs. It does require 10.5 Leopard. It is completely free, so enjoy. Be sure to read the included PDF readme file. I address an issue if you use strings to pull out a dictionary from a disc image. Some control characters need to be scrubbed, or else it will crash crowbarDMG. Give it a shot if you need to recover a password for a DMG or FileVault file.


crowbarKC

crowbarKC is a dictionary attack tool for Mac keychain files. It does require 10.5 Leopard. It is completely free, so enjoy. Be sure to read the included PDF readme file. I address an issue if you use strings to pull out a dictionary from a disc image. Some control characters need to be scrubbed, or else it will crash crowbarKC. Give it a shot if you need to recover a password for a Mac keychain.


crowbarPGP

crowbarPGP is a dictionary attack tool for PGP (www.pgp.com) Whole Disk Encryption and PGD virtual PGP Disk files. It requires OS X 10.5 or 10.6. One key thing: I included the PGD attack feature. However, I found a memory leak in the pgpdisk command last year. I informed PGP of it and provided them the backup material. Unfortunately, my contact is no longer with PGP and the memory leak is still there in the recent v10.0 PGP for Mac OS X. So I strongly suggest you do not use that feature until they patch it. When they do, I will post a blog update and likely do a small version increment to the program through the automatic updates feature.


 

Thanks to Paul Figgiani for his patience in making GUI layout and improvement suggestions.

Thanks to Big Nerd Ranch for the fun bootcamp last October. I would have never had the time to get up to speed on Xcode and Objective-C purely on my own.

Thanks as well to the following code and frameworks:
