Unlocking the Keychain: Inside Elcomsoft Password Digger

Elcomsoft Password Digger is a specialized digital forensics and data recovery tool designed to extract, decrypt, and export data stored in macOS system and user keychains. It serves primarily as a Windows-based administrative and forensic tool for handling credentials pulled from a Mac computer.

Core Capabilities

Full Keychain Extraction: It extracts and decrypts data from both the macOS system keychain and individual user keychains.

Unencrypted XML Export: The program formats the extracted data into a single plain-text XML file. This file can be imported into spreadsheets like Microsoft Excel or other third-party forensic analysis suites.

One-Click Dictionary Building: It automatically filters extracted plain-text user passwords to compile a custom dictionary file.

Forensic Time-Saving: Apple's native Keychain Access forces users to re-enter passwords for every individual record. This tool skips that repetitive verification and dumps all records at once.

Extracted Credential Types

The tool parses out highly sensitive authentication data stored within the Apple ecosystem, including:

Accounts & Communications: Apple ID login details, email configurations (such as Gmail and Microsoft Exchange), and website credentials.

Network Infrastructure: Wi-Fi passwords, AirPort or Time Capsule keys, VPN configurations, and remote server access credentials (RDP, FTP, SSH).

Local Data: iTunes backup passwords and protected iWork documents.

Operational Requirements

To perform the decryption process, the tool requires specific files and credentials:

Host Environment: A Windows PC to run the executable.

Target Files: The raw keychain files moved or copied from the target macOS system.

Master Authentication: The user’s account password (or specific keychain password) is required to derive the proper decryption keys. System keychains additionally require an administrative system key extracted directly from a live Mac system.

Strategic Integration

Data generated by the software can be combined with other Elcomsoft utilities to expand investigative reach:

Custom Wordlists: The custom wordlist generated from real passwords can be loaded into Elcomsoft Distributed Password Recovery to dramatically speed up dictionary attacks against encrypted hard drives or office documents.

Cloud Access: Extracting the master Apple ID password allows investigators to plug the credentials into Elcomsoft Phone Breaker to legally download and view a user’s unencrypted iOS and iCloud backups.
