
[ale] unzipping an encrypted zip file



That's an AES Encrypted Zip file (http://www.winzip.com/aes_info.htm). To
my knowledge it is a WinZip-only format. Awesome huh?

On Thu, Aug 6, 2009 at 5:44 PM, Greg Freemyer<greg.freemyer at gmail.com> wrote:
> On Thu, Aug 6, 2009 at 4:20 PM, Michael H. Warfield<mhw at wittsend.com> wrote:
>> On Thu, 2009-08-06 at 15:36 -0400, Greg Freemyer wrote:
>>> All,
>>
>>> I need to unzip an encrypted zip file.  What tool should I use?  (And
>>> yes windows is available, but I hate to give in and ask a co-worker to
>>> do it for me.)
>>
>>> First attempt:
>>> $ unzip fileserver_sec_log.zip
>>> Archive:  fileserver_sec_log.zip
>>>   End-of-central-directory signature not found.  Either this file is not
>>>   a zipfile, or it constitutes one disk of a multi-part archive.  In the
>>>   latter case the central directory and zipfile comment will be found on
>>>   the last disk(s) of this archive.
>>> unzip:  cannot find zipfile directory in one of fileserver_sec_log.zip or
>>>         fileserver_sec_log.zip.zip, and cannot find
>>> fileserver_sec_log.zip.ZIP, period.
>>
>>         What is it "encrypted" with?  I deal with encrypted zip files all the
>> time (generally malware samples to study) and simply running unzip -l on
>> the archive will still give you a listing of the archive (the "central
>> directory" is not encrypted) but you need the password to extract the
>> files.  This sounds like it's either externally encrypted or corrupt or
>> there's a new zip encryption method in town.
>>
>>> Greg
>>
>>         Mike
>
> Mike,
>
> Turns out the zip file was corrupted when I pulled it off the email somehow.
>
> Now I get:
>
> # unzip fileserver_sec_log.zip
> Archive:  fileserver_sec_log.zip
>    skipping: fileserver_genetics_sec_log.txt  unsupported compression method 99
>
> The file was zipped with a current version of winzip I believe.  I
> actually gave up and unzipped it via my co-worker's pc / winzip.  It
> worked fine, but I'm still curious.
>
> Greg
> --
> Greg Freemyer
> Head of EDD Tape Extraction and Processing team
> Litigation Triage Solutions Specialist
> http://www.linkedin.com/in/gregfreemyer
> Preservation and Forensic processing of Exchange Repositories White Paper -
> <http://www.norcrossgroup.com/forms/whitepapers/tng_whitepaper_fpe.html>
>
> The Norcross Group
> The Intersection of Evidence & Technology
> http://www.norcrossgroup.com



-- 
.!# RichardBronosky #!.
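
As an added example (not part of the original thread): a triage script that reads only the unencrypted central directory, as described above, and explains a "compression method 99" entry by decoding the WinZip AES extra field. The function names and the sample archive are constructed for illustration; the extra-field layout (header ID 0x9901, vendor version, vendor ID "AE", strength byte, real compression method) is assumed to follow the WinZip AES specification linked in the reply.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901                 # extra-field header ID used by WinZip AES
AES_BITS = {1: 128, 2: 192, 3: 256}   # strength byte -> key size

def aes_info(extra):
    """Walk the extra-field records; decode the WinZip AES record if present."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if header_id == AES_EXTRA_ID and len(body) >= 7:
            version, vendor, strength, method = struct.unpack("<H2sBH", body[:7])
            return {"ae_version": version, "vendor": vendor.decode("ascii", "replace"),
                    "key_bits": AES_BITS.get(strength), "real_method": method}
        pos += 4 + size
    return None

def describe(fileobj):
    """Read the unencrypted central directory; no password is needed for this."""
    with zipfile.ZipFile(fileobj) as zf:
        return [{"name": zi.filename,
                 "encrypted": bool(zi.flag_bits & 0x1),
                 "method": zi.compress_type,
                 "aes": aes_info(zi.extra) if zi.compress_type == 99 else None}
                for zi in zf.infolist()]

def constructed_sample():
    """Constructed one-entry archive: method 99, AE-2, 256-bit, dummy payload."""
    name = b"sample_log.txt"
    extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    data = b"\x00" * 28   # placeholder for salt, verifier, ciphertext, auth code
    # version needed, flags (bit 0 = encrypted), method, time, date, crc, sizes, lengths
    common = struct.pack("<HHHHHIIIHH", 51, 0x1, 99, 0, 0x21, 0,
                         len(data), 0, len(name), len(extra))
    local = b"PK\x03\x04" + common + name + extra + data
    central = (b"PK\x01\x02" + struct.pack("<H", 51) + common
               + struct.pack("<HHHII", 0, 0, 0, 0, 0) + name + extra)
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1,
                                       len(central), len(local), 0)
    return io.BytesIO(local + central + eocd)

if __name__ == "__main__":
    for row in describe(constructed_sample()):
        print(row)
```

`describe()` also accepts a file path, so it can be pointed at a real archive to tell an AES-encrypted entry apart from a truncated or corrupted download before reaching for a different extraction tool.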