TY - JOUR
T1 - A survey exploring open source Intelligence for smarter password cracking
AU - Kanta, Aikaterini
AU - Coisel, Iwen
AU - Scanlon, Mark
N1 - Publisher Copyright:
© 2020 The Author(s)
PY - 2020/12/1
Y1 - 2020/12/1
N2 - From the end of the last century to date, consumers are increasingly living their lives online. In today's world, the average person spends a significant proportion of their time connecting with people online through multiple platforms. This online activity results in people freely sharing an increasing amount of personal information – as well as having to manage how they share that information. For law enforcement, this corresponds to a slew of new sources of digital evidence valuable for digital forensic investigation. A combination of consumer level encryption becoming default on personal computing and mobile devices and the need to access information stored with third parties has resulted in a need for robust password cracking techniques to progress lawful investigation. However, current password cracking techniques are expensive, time-consuming processes that are not guaranteed to be successful in the time-frames common for investigations. In this paper, the potential for Open Source Intelligence (OSINT) being leveraged for more efficient password cracking is explored. A comprehensive survey of the literature on password strength, password cracking, and OSINT is outlined, and the law enforcement challenges surrounding these topics are discussed. Additionally, an analysis on password structure as well as demographic factors influencing password selection is presented. Finally, the potential impact of OSINT to password cracking by law enforcement is discussed.
AB - From the end of the last century to date, consumers are increasingly living their lives online. In today's world, the average person spends a significant proportion of their time connecting with people online through multiple platforms. This online activity results in people freely sharing an increasing amount of personal information – as well as having to manage how they share that information. For law enforcement, this corresponds to a slew of new sources of digital evidence valuable for digital forensic investigation. A combination of consumer level encryption becoming default on personal computing and mobile devices and the need to access information stored with third parties has resulted in a need for robust password cracking techniques to progress lawful investigation. However, current password cracking techniques are expensive, time-consuming processes that are not guaranteed to be successful in the time-frames common for investigations. In this paper, the potential for Open Source Intelligence (OSINT) being leveraged for more efficient password cracking is explored. A comprehensive survey of the literature on password strength, password cracking, and OSINT is outlined, and the law enforcement challenges surrounding these topics are discussed. Additionally, an analysis on password structure as well as demographic factors influencing password selection is presented. Finally, the potential impact of OSINT to password cracking by law enforcement is discussed.
KW - Context-based password cracking
KW - Digital investigation
KW - Open source intelligence
KW - Password security
UR - http://www.scopus.com/inward/record.url?scp=85098474378&partnerID=8YFLogxK
U2 - 10.1016/j.fsidi.2020.301075
DO - 10.1016/j.fsidi.2020.301075
M3 - Review article
AN - SCOPUS:85098474378
SN - 2666-2825
VL - 35
JO - Forensic Science International: Digital Investigation
JF - Forensic Science International: Digital Investigation
M1 - 301075
ER -