±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35636
New Yesterday: 3 Visitors: 136

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Password-Protected Windows 10

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3, 4 
  

jaclaz
Senior Member
 

Re: Password-Protected Windows 10

Post Posted: Jul 22, 18 10:28

- passcodeunlock
If I got it right, having or not EFS is just a presumption, not a fact. Why not simply create a binary copy to another HDD or SSD, replace the .dll file for password bypass on the clone, boot the clone.

If anything goes wrong, you will always have the original drive in it's current state, so there is nothing to loose ?!


The EFS, from the little data points we have, JimC's and my (little) expereince is a rare, rare, rare case.

To make a forensic image (or clone) is anyway the first thing to do to preserve the evidence.

As a matter of fact (provided that the image or "clone" is "forensically sound") there is no real need to modify and boot the clone (imagine that you have to do that on (say) a stupid Surface:
it.ifixit.com/Guide/Mi...ment/60383
unless you have a router available Shocked it will be tough (but you can still use a Dremel+stand) Wink :
surfacepro3ssdupgrade....-1-tb.html

You can modify and boot the original (and later restore to it the "clone" or forensic image).

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

erasers
Newbie
 

Re: Password-Protected Windows 10

Post Posted: Sep 11, 18 10:53

- Armando0
- JimC
Thank you @Jaclaz for the helpful summary of the different methods.

Methods (1) and (2) both provide a system-level command-prompt at the login screen. This can be used to reset an account password. Method (3) by-passes this and permits login with any password. The end result is the almost same and all 3 methods require file system access to an unencrypted OS volume.

However, something which I don't think has been mentioned yet is that once the password has been changed (or bypassed) you will no longer have access to EFS encrypted data or other secrets protected by the Windows credential manager.

I would be interested to learn from other practitioners if this scenario has come up or is changing/bypassing the password sufficient in practice despite the limitation?

Jim

www.binarymarkup.com


If you don't want to lose access to EFS encrypted files or stored network/browser passwords, you have no other way but to recover the old password. Besides using Ophcrack to crack the password using rainbow tables, you can also use the following softwares to recover your password with GPU hardware acceleration:

RainbowCrack - project-rainbowcrack.com/
HashCat - hashcat.net/hashcat/
Password Recovery Bundle - www.recoverywindowspas...overy.html
Proactive System Password Recovery - www.elcomsoft.com/pspr.html

A high-end graphics card can boost the cracking speed a lot.

Thank you for your advice / tool,i have tested it on my computer one by one .
And the computer has been unlocked .  
 
  

jaclaz
Senior Member
 

Re: Password-Protected Windows 10

Post Posted: Sep 11, 18 13:45

- erasers

Thank you for your advice / tool,i have tested it on my computer one by one .

Why? Shocked
I mean, 4 (four) or more possible approaches have been provided, if you have a locked computer and you want to unlock it, usually you try the methods one by one UNTIL you manage to unlock it.
Or is it a research/test project analtizing the various possibilities?

- erasers

And the computer has been unlocked .


Sure Smile , but HOW EXACTLY, i.e. through using which one(s) or *all* of the provided methods?

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

Daomaser
Newbie
 

Re: Password-Protected Windows 10

Post Posted: Feb 27, 19 08:11

Two tools I share, one free and one non-free,I tried them on my computer.  
 
  

Beautifullypople
Newbie
 

Re: Password-Protected Windows 10

Post Posted: Apr 19, 19 09:04

- Daomaser
Two tools I share, one free and one non-free,I tried them on my computer.

I got it.Google does a very good job,it will provide many effective methods about Windows password reset.
More info:
www.winpwd.com/
www.openwall.com/john/  
 

Page 4 of 4
Page Previous  1, 2, 3, 4