A Survey Exploring Open Source Intelligence for Smarter Password Cracking

Kanta, Aikaterini; Coisel, Iwen; Scanlon, Mark

Publication Date:  December 2020

Publication Name:  Forensic Science International: Digital Investigation, Volume 35,, Pages 301075,

Abstract:   From the end of the last century to date, consumers are increasingly living their lives online. In today’s world, the average person spends a significant proportion of their time connecting with people online through multiple platforms. This online activity results in people freely sharing an increasing amount of personal information e as well as having to manage how they share that information. For law enforcement, this corresponds to a slew of new sources of digital evidence valuable for digital forensic investigation. A combination of consumer level encryption becoming default on personal computing and mobile devices and the need to access information stored with third parties has resulted in a need for robust password cracking techniques to progress lawful investigation. However, current password cracking techniques are expensive, time-consuming processes that are not guaranteed to be successful in the time-frames common for investigations. In this paper, the potential for Open Source Intelligence (OSINT) being leveraged for more efficient password cracking is explored. A comprehensive survey of the literature on password strength, password cracking, and OSINT is outlined, and the law enforcement challenges surrounding these topics are discussed. Additionally, an analysis on password structure as well as demographic factors influencing password selection is presented. Finally, the potential impact of OSINT to password cracking by law enforcement is discussed.

Download Paper:

Download Paper as PDF

BibTeX Entry:


      @article{kanta2020SurveyOSINTPasswordCracking,
author={Kanta, Aikaterini and Coisel, Iwen and Scanlon, Mark},
title="{A Survey Exploring Open Source Intelligence for Smarter Password Cracking}",
journal="{Forensic Science International: Digital Investigation}",
year=2020,
month=12,
volume=35,
publisher={Elsevier},
url={https://doi.org/10.1016/j.fsidi.2020.301075},
doi={https://doi.org/10.1016/j.fsidi.2020.301075},
pages={301075},
abstract={From the end of the last century to date, consumers are increasingly living their lives online. In today’s world, the average person spends a significant proportion of their time connecting with people online through multiple platforms. This online activity results in people freely sharing an increasing amount of personal information e as well as having to manage how they share that information. For law enforcement, this corresponds to a slew of new sources of digital evidence valuable for digital forensic investigation. A combination of consumer level encryption becoming default on personal computing and mobile devices and the need to access information stored with third parties has resulted in a need for robust password cracking techniques to progress lawful investigation. However, current password cracking techniques are expensive, time-consuming processes that are not guaranteed to be successful in the time-frames common for investigations. In this paper, the potential for Open Source Intelligence (OSINT) being leveraged for more efficient password cracking is explored. A comprehensive survey of the literature on password strength, password cracking, and OSINT is outlined, and the law enforcement challenges surrounding these topics are discussed. Additionally, an analysis on password structure as well as demographic factors influencing password selection is presented. Finally, the potential impact of OSINT to password cracking by law enforcement is discussed.}
}