Surviving Encryption: Cryptanalysis

The open-source approach
4.4 (4 ratings)
Instead of using a simple lifetime average, Udemy calculates a
course's star rating by considering a number of different factors
such as the number of ratings, the age of ratings, and the
likelihood of fraudulent ratings.
357 students enrolled
Take This Course
  • Lectures 40
  • Length 4.5 hours
  • Skill Level Expert Level
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion
Wishlisted Wishlist

How taking a course works


Find online courses made by experts from around the world.


Take your courses with you and learn anywhere, anytime.


Learn and practice real-world skills and achieve your goals.

About This Course

Published 3/2014 English

Course Description

All SDF courses may now be found at SUMURI.COM. This course will remain live in UDEMY for existing students.

This class reviews decryption analysis tools from the open source community. There are plenty of no cost or low cost decryption solutions available to the forensic examiner. The problem is they are scattered and it would take significant time for any one person to research and test just a few. SUMURI has done the work for you and put together training featuring some of the best open source tools available. Students will learn how to build different types of word lists for dictionary attacks, how to create rainbow tables, tools for attacking Windows and Mac user passwords, attacking Mac keychains, recovering Internet passwords from Windows systems, and attacking password hashes. Topics will also include using open source tools such as Inception, John the Ripper, Hashcat, and more.

What are the requirements?

  • Computer forensic analysis experience
  • IT experience
  • Working knowledge of how encryption works

What am I going to get from this course?

  • Examining protected files
  • Resources for dictionary attack word lists
  • Creating wordlists from websites
  • Creating wordlists from memory or image files
  • Creating custom permutated word lists
  • Memory extraction
  • Resources for Rainbow tables
  • Creating rainbow tables
  • Attacking Windows User Passwords
  • Attacking Mac User Passwords
  • Attacking Mac DMG files
  • Attacking Mac Keychains
  • Recovering stored internet passwords on PCs
  • Overcoming passwords on live & encrypted systems
  • Using John the Ripper
  • Attacking password hashes
  • Using Hashcat (GUI Version)
  • Using Inception
  • Using Volatility

Who is the target audience?

  • Computer forensic analysts
  • IT professionals
  • Investigators

What you get with this course?

Not for you? No problem.
30 day money back guarantee.

Forever yours.
Lifetime access.

Learn on the go.
Desktop, iOS and Android.

Get rewarded.
Certificate of completion.


Section 1: Welcome & Introduction

Welcome to Surviving Encryption: Cryptanalysis. Please download the manual available in this module. Each practical may contain files for you to download.


In this practical we will look at the differences and similarities between three files.

Comparing Protected Files Quiz
3 questions

In this practical we will look at the differences and similarities between three files.

Section 2: Dictionaries, Word Lists & Rainbow Tables

Dictionary attacks are one the best best attack vectors you have as an analyst. In this lesson we will look at some online resources for word lists.


RSMangler is a freely available Mac and Linux based tool that creates per-mutated word lists based on the terms you supply. It is amazingly simple to use and a fantasic resource.


In this practical you will learn how to create a word list based on a web site in a few easy steps. This is ideal for when you want to build a custom word list based on the interests of the target.


In this lesson you will learn how to take a memory file and use it to produce a dictionary.


In this lesson we will learn how to test Mac swap and sleepimage files in order to determine their value as sources to produce word lists. The benefit of these files changes which each version of the operating system so testing and validating is important.


In this lesson we will go over an option to image memory from a Mac and talk about some inherent limitations.


This is a short discussion on the limitations of imaging RAM in OS 10.9.


In this practical you will be introduced to a Windows tool you can use to create your own custom rainbow tables.

Section 3: Decryption Tools: User Login Passwords

In this practical we will take a look at cracking Windows SAM files to harvest user login passwords.


In this practical we will take a look at how to attack Mac user login passwords.

User Login Passwords Quiz
2 questions
Section 4: Decryption Tools: Mac Files

In this practical we will take a look at protected DMG files.


In this practical we will take a look what is stored in Mac Keychain files and how to break them.

Mac Files Quiz
6 questions
Section 5: Decryption Tools: Inception

In this practical you will learn how to use Inception to bypass a user's login password. Note that there are no downloads for this exercise. You may download Paladin from and use the boot disc to try to exercise- Inception is pre-installed on it. Try this on two test systems, virtual machines may not work.

Section 6: Decrytpion Tools: Volatility

This in an extra to show you how to use Virtualbox and Paladin to create a a forensic virtual machine you may use for some of the practicals.


In this practical you will learn how to use Volatility to extract user names and password hashes from memory files.

Practical 15 Volatility Part 2
Practical 15 Volatility Part 3
Practical 15 Volatility Part 4
Section 7: Decryption Tools: John the Ripper

In this practical we are going break passwords using John the Ripper.

Practical 16 John the Ripper on a PC Part 2
Practical 16 John the Ripper on a PC Part 3
Practical 16 John the Ripper on a PC Part 4
Practical 16 John the Ripper on a PC Part 5
Practical 16 John the Ripper on a PC Part 6
Section 8: Decryption Tools: Internet Passwords

In this practical we will be looking at a way to obtain passwords that are strored in web browsers.

Section 9: Decryption Tools: Hashcat

Hashcat is one of the best free tools available for password hash attacks. In these practicals you will learn how to use Hashcat (CPU version) using a GUI.

Practical 18A Hashcat Part 2
Practical 18A Hashcat Part 3
Practical 18A Hashcat Part 4
Practical 18A Hashcat Part 5
Practical 18A Hashcat Part 6
Practical 18A Hashcat Part 7
Practical 18A Hashcat Part 8
Practical 18A Hashcat Part 9
Practical 18B Hashcat: Mac User Hashes
Practical 18C Hashcat: Windows User Hashes
Section 10: Conclusion

Thank you for choosing Sumuri!

Check out other classes at

Follow me on Twitter @LeclairDF to get the latest happenings.

Check out our Blog at

Check out our Youtube channel

Students Who Viewed This Course Also Viewed

  • Loading
  • Loading
  • Loading

Instructor Biography

Michael Leclair, Computer Forensic Analyst

Over twelve years of experience as a Computer Forensic Analyst, author and developer of computer forensic training and analysis tools. Specialties include: Windows forensics, Mac forensics, iOS forensics, Mac Server forensics & mobile device forensics. Creator of the "Surviving Digital Forensics" series and part of SUMURI's RECON for Mac OS X development team.

Certifications include: CFCE, CISSP, CCE, EnCE, A+, Network+

Regularly instruct law enforcement, government and corporate investigators both nationally and internationally in computer forensics.

Ready to start learning?
Take This Course