Effortless Management of a Password Recovery Cluster

August 01, 2024 How-To

Handling encrypted items in a forensic case, especially with Full Disk Encryption (FDE) images and archives, requires significant computational resources. This task is impossible without relying on network-distributed, hardware-accelerated decryption.

This in turn demands a convenient tool to distribute password recovery tasks efficiently across a network cluster.

Passware offers such a tool within its Passware Kit Ultimate, Forensic, and Business licenses. The distributed password recovery option, along with the built-in Resource Manager, enables computer forensic professionals to configure, manage, and monitor their hardware networks remotely.

Benefits of Distributed Password Recovery

Passware Kit (Ultimate, Forensic, and Business editions) distributes password recovery tasks across a network of Windows and Linux computers, as well as Amazon EC2 and Microsoft Azure Cloud Agents, for linear scalability.

Passware’s distributed password recovery option empowers users to remotely control all Passware Kit Agents within their network directly from the Passware Kit (Server).

The Server manages Agent assignment, connection settings, update options, hardware usage, GPU utilization level, and other configurations. The distributed computing cluster operates seamlessly in environments with VPNs and multiple IP addresses for the Agents. Each Passware Kit Agent provides detailed reports and features an extensive status list for monitoring and precise troubleshooting.

The key benefits of Passware distributed password recovery are:

  • Multi-platform solution
    The Passware Kit Server runs on Windows and macOS, while the Agents run on Windows and Linux systems, as well as cloud platforms: Amazon EC2 and Microsoft Azure.
  • Supports 180+ file types and all brute-force (BF) attacks
    All types of files that require brute-force password recovery approaches are supported. Distributed password recovery works with any combination of brute-force attacks: Dictionary, Brute-force, Xieve, Mask, Known Passwords/Part, Previous Passwords, and their modifiers.
  • Remote resource management
    Passware Kit provides remote control over the network Agents: assignment, connection settings, and hardware usage, as well as detailed reports and logging, including an extensive status list for troubleshooting.
  • High performance and GPU acceleration
    Passware Kit features linear performance scalability by efficiently utilizing multiple-core CPUs and GPUs. The Resource Manager prevents GPU overheating by automatically disabling the problematic unit upon reaching the specified temperature threshold.
  • Automatic updates
    Both Passware Kit Server and the Agents can be automatically updated as long as the PKU license or the annual PKF Software Maintenance and Support (SMS) subscription is active.

Resource Management and GPU Acceleration

Passware Kit maximizes efficiency by utilizing all available computational resources. It supports all types of NVIDIA and AMD GPUs with OpenCL 2.0 and higher, allowing up to 12 GPUs per host computer, whether it’s the Passware Kit Server or an Agent. The Mac version of Passware Kit supports OpenCL, including AMD GPUs and NVIDIA/AMD eGPUs. The Passware Kit Server can be configured on a computer without a GPU, distributing password recovery tasks to Agents with more powerful hardware.

To simplify the setup of password recovery clusters and the management of both local and remote hardware, Passware Kit includes a Resource Manager. The Resource Manager is accessible via the Tools menu before initiating any decryption tasks, and it remains available as a tab during the password recovery process.

The Resource Manager displays a list of known Passware Kit Agents, connected and disconnected, and allows the addition of new Agents. For each Agent, it shows its name, operating system, available RAM, and IP address.

The list of Agents can be sorted and filtered based on their configuration, status, temperature, GPU load, speed, number of checked passwords, and other properties. For each Agent, Passware Kit allows the following remote actions: enable/disable, restart, assign to a specific server, update, view detailed settings and logs, and remove from the list.

The full list of the Resource Manager options is available on the Passware Knowledge Base.

Passware Kit Agents

Passware Kit Agent is a network-distributed password recovery tool that assists with password recovery tasks managed by Passware Kit (Server).

Passware Kit allows remote customization of the following settings for each network Agent: name, description, assignment to a server, auto-update option, auto-discovery option, connection port, and connection password.

For precise control over Agent hardware, Passware Kit offers settings for enabling and disabling computational units, disabling GPU acceleration when the user is active, disabling a GPU when it overheats past a temperature threshold, and setting GPU utilization levels, as well as a view of system information.

During the password recovery session, the performance of each Agent is monitored and displayed graphically, showing current, average, and maximum speeds.

The full list of the Passware Kit Agent settings is available on the Passware Knowledge Base.

Licensing

Distributed password recovery is supported in Passware Kit Ultimate, Forensic, and Business editions. The Ultimate edition includes 10 Agents, the Forensic edition includes 5 Agents, and the Business edition does not include any Agents by default. Additional Agents can be purchased as required. For sales inquiries or technical questions, please feel free to contact us.

Use Case

Since Passware Kit is licensed per user, a single Passware Kit Forensic license allows one forensic expert to conduct password recovery processes on a batch of files and disk images using their Passware Kit Server. This server then distributes tasks across the computational hardware of up to five Agents installed on other computers. Another forensic expert can initiate decryption for a separate backlog of files using another Passware Kit Forensic license.

Both licenses of Passware Kit Forensic can utilize the same network of Agents. Forensic experts can remotely manage which Agents and GPUs their Server utilizes from their computers running Passware Kit Forensic, using the Resource Manager feature.

Summary

To manage a backlog of files with strong encryption efficiently, it is crucial to leverage all available hardware. Passware’s new distributed password recovery feature, combined with the Resource Manager, empowers computer forensic professionals to configure, distribute, and manage their hardware networks remotely. This enhanced approach significantly boosts performance and improves the success rate of decryption.