±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32899
New Yesterday: 0 Visitors: 181

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

How to bypass Win10 logon password?

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

How to bypass Win10 logon password?

Post Posted: Sat Aug 05, 2017 12:03 am

Usually we will use LiveView or VFC to "boot up" the evidence files acquired from suspect's computer or laptop. What if his/her OS is Win10? Win10 has two account types. One is Local User Account, and the other is Live ID Account. For VFC to bypass Local User Account is just a piece of cake. Let's see if VFC could bypass the password of Live ID Account. You guys could take a look at my blog to see what's going on.
www.cnblogs.com/pieces...88933.html  

gorvq7222
Senior Member
 
 
  

Re: How to bypass Win10 logon password?

Post Posted: Sat Aug 05, 2017 8:18 am

- gorvq7222
Usually we will use LiveView or VFC to "boot up" the evidence files acquired from suspect's computer or laptop. What if his/her OS is Win10? Win10 has two account types. One is Local User Account, and the other is Live ID Account. For VFC to bypass Local User Account is just a piece of cake. Let's see if VFC could bypass the password of Live ID Account. You guys could take a look at my blog to see what's going on.
www.cnblogs.com/pieces...88933.html

TL;DR:
No.
The VFC doesn't work at all with Windows 10.
Moreover the suggested Lazesoft ONLY deals with Local Account AND it seems a lot like being NOT "forensic sound" as the password is NOT bypassed NOR recovered, but rather set to NULL (i.e. changed).

If anyone needs to bypass the password, (again Local Account ONLY) the"right" way is dll patching, via passpass or other method, some references:

www.easy2boot.com/add-.../passpass/

When the patch engine has been updated to this or that version of Windows 10 dll is to be seen.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: How to bypass Win10 logon password?

Post Posted: Sun Aug 06, 2017 2:10 am

Hi Jaclaz,

Thanks for your comment. I'm not pretty sure about whether VFC could handle Win10 local user account password or not. This case as you could see in my blog is a Win10 including both Live ID account and local user account.

Now I don't have VFC dongle in hand. Couple days later I will test to see if VFC could bypass a Win10 with only local user account. If VFC fails, that would be a breaking news~

When we use LiveView or VFC to boot up evidence files, no matter what we do to this snapshot it won't do any harm to evidence files. Don't worry too much about forensic sound on this matter. Besides all we want is to "ENTER" suspect's computer/laptop. I'm not trying to advertise for Lazesoft. In this situation any tools could achieve this goal will do.  

gorvq7222
Senior Member
 
 
  

Re: How to bypass Win10 logon password?

Post Posted: Sun Aug 06, 2017 12:00 pm

- gorvq7222
Hi Jaclaz,

Thanks for your comment. I'm not pretty sure about whether VFC could handle Win10 local user account password or not. This case as you could see in my blog is a Win10 including both Live ID account and local user account.

Now I don't have VFC dongle in hand. Couple days later I will test to see if VFC could bypass a Win10 with only local user account. If VFC fails, that would be a breaking news~

When we use LiveView or VFC to boot up evidence files, no matter what we do to this snapshot it won't do any harm to evidence files. Don't worry too much about forensic sound on this matter. Besides all we want is to "ENTER" suspect's computer/laptop. I'm not trying to advertise for Lazesoft. In this situation any tools could achieve this goal will do.


Sure, the points were:
1) there are tens of softwares that can change or reset the password ("Local account"), it is actually possible without using any third party software by simply using the install disc and making a copy of cmd.exe to sethc.exe.
2) there is one method that by changing a few bytes in a .dll used in the winlogon phase can effectively bypass the (still "Local Account") password.
3) there are ways (sometimes working, sometimes not working, to analyze the SAM hive and recover the password (still "Local Account") .
4)there is still another way (depending on version of windows, etc.) that allows making use of a "System" account on the "WinSta0\\Winlogon desktop" which may continue with a password change or reset:
reboot.pro/topic/18792...challenge/

The four above are DIFFERENT methods, with different impact on the underlying system, they may all be good (or not) BUT you shouldn't call the one with the other's name.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: How to bypass Win10 logon password?

Post Posted: Fri Aug 11, 2017 12:57 pm

Jaclaz you are right. To my surprise VFC4 could not bypass either Win10 local user account password, nor LiveID account password. Thank God I did not spend money on it or I will go crazy. I'm used to use PE to handle logon password, and I'd like to share with other people those helpful tool no matter what the manufacturer is.

When I reset logon password of Win10, it only affect the snapshot generated by LiveView or VFC, and no doubt the evidence files are safe and sound. Like I said any tool could help me to deal with logon password so that I could enter this computer/laptop, to me it's a good tool. Expensive one like VFC or worth nothing like PE makes no difference to me.  

gorvq7222
Senior Member
 
 
  

Re: How to bypass Win10 logon password?

Post Posted: Fri Aug 11, 2017 1:10 pm

- gorvq7222
Jaclaz you are right. To my surprise VFC4 could not bypass either Win10 local user account password, nor LiveID account password. Thank God I did not spend money on it or I will go crazy. I'm used to use PE to handle logon password, and I'd like to share with other people those helpful tool no matter what the manufacturer is.

When I reset logon password of Win10, it only affect the snapshot generated by LiveView or VFC, and no doubt the evidence files are safe and sound. Like I said any tool could help me to deal with logon password so that I could enter this computer/laptop, to me it's a good tool. Expensive one like VFC or worth nothing like PE makes no difference to me.

And still you didn't get the message, which was only about the words used.

"Reset" is not a synonym of "bypass".

So now you have a thread and a blog post both titled "How to bypass Win10 logon password?" and in the blog:
1) the specific VFC (which may be called a "bypass" method ) does NOT work on Windows 10
2) it is suggested INSTEAD one (among tens or hundreds of similar tools) that can reset (and NOT bypass) the Window password.

The suggestion was to call things with their name.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 

Page 1 of 1