Industry News

Hashcat Basics for Mobile Forensic Investigators

What is Hashcat?

Hashcat is a popular password-cracking tool that security professionals, researchers, and digital forensic specialists use to recover lost or forgotten passwords. It works by taking a password hash, a unique alphanumeric representation of a password, and using numerous attacks to guess the password that produced the hash. Hashcat is fast and efficient, making it a powerful tool for password recovery. 

According to GitHub, “Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. Hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.” 

Hashcat is unaffiliated with Magnet Forensics and licensed under the MIT license

How Hashcat Works 

Hashcat takes advantage of known vulnerabilities in password hashing algorithms, such as MD5 or SHA-256. These algorithms work to take a password and produce a unique fixed-length string of characters, known as a hash. The hash is typically stored in a database or file, along with other user information, such as usernames or email addresses. 

Hashcat uses various techniques to crack passwords, such as brute force attacks, dictionary attacks, and hybrid attacks. Brute force attacks try every possible combination of characters until you find the correct password. Dictionary attacks use a pre-computed list of commonly used passwords to try and match the hash to a password. Hybrid attacks combine these two approaches, using a custom wordlist and adding additional characters or rules to each word. 

Once Hashcat has successfully cracked the password, it will display the plain-text version of the password to the user. Digital investigators can use plain text to test their passwords’ strength or recover lost ones.  

New (and seasoned) mobile forensic investigators who want to learn more about how they can use Hashcat in an investigation are invited to watch an on-demand webinar from DFS Matt Fullerton and DFS Stephen Coates: *Using the Passcode History File and Hashcat. Passcode history can be beneficial for your investigation but can be challenging to obtain. In this webinar, you’ll learn how you can use data extracted using Magnet GRAYKEY, in combination with Hashcat, to recover passwords for faster case resolution. 

*This video is available to vetted law enforcement professionals who have requested and/or obtained login credentials to access the webinar. 

Related Resources

Blog

Blog

Magnet User Summit 2024: One for the ages 

It’s our favorite time of the year!

April 18, 2024 • About a 3 minute view
Blog

Blog

Introducing Magnet One: Redefining the pursuit of justice

At Magnet Forensics, we're thrilled to announce Magnet One, the digital forensics platform that aims to redefine the pursuit of justice.

April 16, 2024 • About a 4 minute view
Blog

Blog

Introducing Magnet Nexus: Large-scale investigations, made easy

In today’s workplace, employees and critical business assets are often spread throughout the globe. Employees may be working from home, the office, or a combination of both. To enable a

April 11, 2024 • About a 5 minute view
Resource Center Home

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.

Top