Chapter 4: Windows Password Issues

Explain how Windows stores username and password information. Windows OSes store the username and passwords in one of two places. Local accounts are stored in the computer’s SAM file, while domain accounts on Windows 2000, 2003, and 2008 domains are stored in the Active Directory database file called ntds.dit. Passwords are stored not in plain text but rather as an encrypted password or as a hash value. Windows uses two different techniques to store the LanMan and NTLM password credentials. The first, oldest, and weakest is the LanMan encryption process. This process suffers from numerous problems that make its encryption relatively easy to crack. The second, NTLM, provides a more secure option and so is less ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.