O'Reilly logo

Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Understanding Windows Password Storage

Starting with Windows NT, Windows systems began storing their account user and hashed password data in one of two places: the Security Account Manager (SAM) file or Active Directory. Information about local accounts is stored in the local computer’s SAM file, which is located in the %SystemRoot%\System32\Config folder. This file exists as a registry hive file, which will be explained in more detail in Chapter 8, “The Registry Structure,” and is named simply SAM. An additional copy of this file may be found in the %SystemRoot%\Repair folder for use by system-recovery utilities in the event the working copy becomes corrupted. Note, however, that this copy is created during the initial installation of the operating ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required