To address the low efficiency and high resource consumption of password cracking in digital forensics, this paper proposes a lightweight rule-optimization framework grounded in policy compliance and empirical user behavior. Methodologically, it introduces the first dynamic rule-generation mechanism based on policy structures—such as the NCSC’s three-word password guidelines—integrated with password statistical modeling, analysis of public datasets, and user surveys to construct multi-granularity dictionaries and quantitatively assess the real-world vulnerability of three-word passwords under varying high-frequency word ratios. Key contributions include: (1) the first systematic revelation of the inherent tension between usability and security in three-word passwords; (2) a 40% reduction in rule-set size via iterative compression, yielding significantly faster cracking performance; and (3) empirical validation that a compact sub-dictionary comprising only the top 30% most frequent words successfully cracks 77.5% of real-world three-word passwords, confirming substantial practical risk.

Efficient password cracking is a critical aspect of digital forensics, enabling investigators to decrypt protected content during criminal investigations. Traditional password cracking methods, including brute-force, dictionary and rule-based attacks face challenges in balancing efficiency with increasing computational complexity. This study explores rule based optimisation strategies to enhance the effectiveness of password cracking while minimising resource consumption. By analysing publicly available password datasets, we propose an optimised rule set that reduces computational iterations by approximately 40%, significantly improving the speed of password recovery. Additionally, the impact of national password recommendations were examined, specifically, the UK National Cyber Security Centre's three word password guideline on password security and forensic recovery. Through user generated password surveys, we evaluate the crackability of three word passwords using dictionaries of varying common word proportions. Results indicate that while three word passwords provide improved memorability and usability, they remain vulnerable when common word combinations are used, with up to 77.5% of passwords cracked using a 30% common word dictionary subset. The study underscores the importance of dynamic password cracking strategies that account for evolving user behaviours and policy driven password structures. Findings contribution to both forensic efficiency and cyber security awareness, highlight the dual impact of password policies on security and investigative capabilities. Future work will focus upon refining rule based cracking techniques and expanding research on password composition trends.