[ale] unzipping an encrypted zip file

Greg Freemyer greg.freemyer at gmail.com
Thu Aug 6 18:15:32 EDT 2009 

Ah....

Something else for Mike's to do list. :)

Greg

On Thu, Aug 6, 2009 at 5:59 PM, Richard Bronosky<Richard at bronosky.com> wrote:
> That's an AES Encrypted Zip file http://www.winzip.com/aes_info.htm To
> my knowledge it is a WinZip only format. Awesome huh?
>
> On Thu, Aug 6, 2009 at 5:44 PM, Greg Freemyer<greg.freemyer at gmail.com> wrote:
>> On Thu, Aug 6, 2009 at 4:20 PM, Michael H. Warfield<mhw at wittsend.com> wrote:
>>> On Thu, 2009-08-06 at 15:36 -0400, Greg Freemyer wrote:
>>>> All,
>>>
>>>> I need to unzip an encrypted zip file.  What tool should I use.  (And
>>>> yes windows is available, but I hate to give in and ask a co-worker to
>>>> do it for me.)
>>>
>>>> First attempt:
>>>> $ unzip fileserver_sec_log.zip
>>>> Archive:  fileserver_sec_log.zip
>>>>   End-of-central-directory signature not found.  Either this file is not
>>>>   a zipfile, or it constitutes one disk of a multi-part archive.  In the
>>>>   latter case the central directory and zipfile comment will be found on
>>>>   the last disk(s) of this archive.
>>>> unzip:  cannot find zipfile directory in one of fileserver_sec_log.zip or
>>>>         fileserver_sec_log.zip.zip, and cannot find
>>>> fileserver_sec_log.zip.ZIP, period.
>>>
>>>        What is it "encrypted" with?  I deal with encrypted zip files all the
>>> time (generally malware samples to study) and simply running unzip -l on
>>> the archive will still give you a listing of the archive (the "central
>>> directory" is not encrypted) but you need the password to extract the
>>> files.  This sounds like it's either externally encrypted or corrupt or
>>> there's a new zip encryption method in town.
>>>
>>>> Greg
>>>
>>>        Mike
>>
>> Mike,
>>
>> Turns out the zip file was corrupted when I pulled it off the email somehow.
>>
>> How I get:
>>
>> # unzip fileserver_sec_log.zip
>> Archive:  fileserver_sec_log.zip
>>   skipping: fileserver_genetics_sec_log.txt  unsupported compression method 99
>>
>> The file was zipped with a current version of winzip I believe.  I
>> actually gave up and unzipped it via my co-workers pc / winzip.  It
>> worked fine, but I'm still curious.
>>
>> Greg
>> --
>> Greg Freemyer
>> Head of EDD Tape Extraction and Processing team
>> Litigation Triage Solutions Specialist
>> http://www.linkedin.com/in/gregfreemyer
>> Preservation and Forensic processing of Exchange Repositories White Paper -
>> <http://www.norcrossgroup.com/forms/whitepapers/tng_whitepaper_fpe.html>
>>
>> The Norcross Group
>> The Intersection of Evidence & Technology
>> http://www.norcrossgroup.com
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>>
>
>
>
> --
> .!# RichardBronosky #!.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>



-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
Preservation and Forensic processing of Exchange Repositories White Paper -
<http://www.norcrossgroup.com/forms/whitepapers/tng_whitepaper_fpe.html>

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com

More information about the Ale mailing list