±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 36445
New Yesterday: 2 Visitors: 204

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

winlogon Password

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

Andy
Senior Member
 

Re: winlogon Password

Post Posted: Nov 03, 06 03:27

SamInside is a good program for recovering NT and LM passwords. Extract the SAM and System files from your image and use it. Better still if you can get hold of some Rainbow tables......  
 
  

iruiper
Senior Member
 

Re: winlogon Password

Post Posted: Nov 06, 06 14:12

I can't see the use of EnCase EDS here. Isn't it useful just for EFS? I don't think you can get a Windows logon password from it.  
 
  

echo6
Senior Member
 

Re: winlogon Password

Post Posted: Nov 06, 06 14:28

- iruiper
I can't see the use of EnCase EDS here. Isn't it useful just for EFS? I don't think you can get a Windows logon password from it.

That is correct, EDS allows you to view files encrypted using EFS within Encase, but does not provide you with the user's password.  
 
  

yey365
Newbie
 

Re: winlogon Password

Post Posted: Nov 06, 06 16:24

There is also the old favouraite of pressing Ctrl-Alt-Del twice to invoke the Adminstrator account. Often this account is left without a password during the installation phase and is rarely rectified post installation.

Regards,

Jim  
 
  

_nik_
Senior Member
 

Re: winlogon Password

Post Posted: Nov 07, 06 01:28

- echo6

That is correct, EDS allows you to view files encrypted using EFS within Encase, but does not provide you with the user's password.


EDS does scan the autocomplete/IE, FTP and Autologon passwords and displays the found information. Autocomplete can be anaylyzed with a script. Also you can run a dictionary/bruteforce attack against the Local and Domain users' passwords.
Or you can export the PWDUMP file for the local users, so you can run rainbow over them.

Nik  
 
  

TMD22
Member
 

Re: winlogon Password

Post Posted: Nov 07, 06 04:33

Gentleman:

When we are talking about cracking the WIN Log on password, is it from the "mirrir image" or the copy of the actual hard drive copy?

Just curious, as I have never yet came across this problem.

Thanks

Mark  
 

Page 2 of 2
Page Previous  1, 2