Last year I overheard a conversation about passwords being recovered from forensic images by searching for strings under the assumption that passwords can get recorded in written buffers, swap and slack space, core dumps, and log files at some time or another. After searching and not finding a lot of data on this subject, I created a set of tools to help extract passwords from images and score them based on length, complexity, entropy, and readability. While string extraction may result in millions of possible passwords, some of the scoring methods I use can develop a manageable set of possible passwords for dictionary-based attacks.

Bio: David C. Smith works at Georgetown University as the University Information Security Officer and is a co-owner of HCP Forensic Services. He manages teams to provide a variety of security services in this time of data loss and e-discovery peril. Prior to becoming much more of "the man" than he intended, Dave was a security consultant, active with open source projects, was a 2600 meeting regular in the DC / Northern VA area, and ran a bitchin WWIV BBS - The Last Cigarette.
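The scoring idea in the abstract (length, complexity, entropy, readability) can be sketched as follows for an examiner triaging `strings` output or checking whether credentials leak into dumps and logs. This is an added example, not the speaker's tools: the length window, the vowel-ratio readability heuristic, the way the factors are multiplied, and the sample strings are all assumptions made here.

```python
import math
import re
from collections import Counter

# Constructed sample of strings, as a strings-style pass over an image might emit.
SAMPLE = ["/usr/lib/libc.so.6", "AAAAAAAAAAAAAAAA", "Tr0ub4dor&3", "correcthorse",
          "GET /index.html HTTP/1.1", "x9$Lq", "kernel32.dll", "Summer2009!"]

# Character classes used for the complexity factor (assumed definition).
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")

def shannon_entropy(s):
    """Bits per character, from the string's own character frequencies."""
    n = len(s)
    return sum(-c / n * math.log2(c / n) for c in Counter(s).values())

def char_classes(s):
    """Complexity: how many of lower/upper/digit/symbol appear in the string."""
    return sum(1 for p in CLASSES if re.search(p, s))

def readability(s):
    """Assumed heuristic: 1.0 if 20-60% of letters are vowels, 0.5 otherwise,
    0.0 when the string has no letters at all."""
    letters = [ch for ch in s.lower() if ch.isalpha()]
    if not letters:
        return 0.0
    vowels = sum(ch in "aeiou" for ch in letters)
    return 1.0 if 0.2 <= vowels / len(letters) <= 0.6 else 0.5

def score(s, min_len=6, max_len=16):
    """Combine the four factors; strings outside the length window or
    containing whitespace are dropped (score 0.0)."""
    if not min_len <= len(s) <= max_len or re.search(r"\s", s):
        return 0.0
    return shannon_entropy(s) * char_classes(s) * readability(s)

def rank(strings):
    """Return (score, string) pairs, best first, with zero scores removed."""
    scored = [(round(score(s), 2), s) for s in set(strings)]
    return sorted((t for t in scored if t[0] > 0), reverse=True)

if __name__ == "__main__":
    for value, candidate in rank(SAMPLE):
        print(f"{value:6.2f}  {candidate}")
```

On the constructed sample, the filename `kernel32.dll` still ranks third, which shows why scoring alone reduces the candidate set but does not remove ordinary file and library names from it.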