Understanding Windows Password Storage

Starting with Windows NT, Windows systems began storing user account and hashed password data in one of two places: the Security Account Manager (SAM) file or Active Directory. Information about local accounts is stored in the local computer’s SAM file, which is located in the %SystemRoot%\System32\Config folder. This file is a registry hive file, a format explained in more detail in Chapter 8, “The Registry Structure,” and is named simply SAM. An additional copy of this file may be found in the %SystemRoot%\Repair folder for use by system-recovery utilities in the event the working copy becomes corrupted. Note, however, that this copy is created during the initial installation of the operating ...
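As an added illustration (not code from the book), the following sketch inventories both SAM locations named above on a read-only mounted image, hashes each copy for the evidence record, and reads the hive header's last-written time so the working and repair copies can be compared. The function names are hypothetical, and the header layout used (`regf` signature, two sequence numbers, then a FILETIME) is the standard registry hive base block rather than something stated in this excerpt.

```python
import hashlib
import struct
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Locations named in the text, relative to %SystemRoot% on a mounted image.
SAM_LOCATIONS = ("System32/Config/SAM", "Repair/SAM")

def filetime_to_utc(ft):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01) to UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def find_ci(root, rel):
    """Resolve rel under root case-insensitively (images are often mounted on Linux)."""
    cur = Path(root)
    for part in rel.split("/"):
        match = [p for p in cur.iterdir() if p.name.lower() == part.lower()] if cur.is_dir() else []
        if not match:
            return None
        cur = match[0]
    return cur

def inventory_sam(system_root):
    """Return one record per expected SAM location; files are only read, never modified."""
    records = []
    for rel in SAM_LOCATIONS:
        path = find_ci(system_root, rel)
        if path is None or not path.is_file():
            records.append({"location": rel, "present": False})
            continue
        data = path.read_bytes()
        rec = {"location": rel, "present": True, "size": len(data),
               "sha256": hashlib.sha256(data).hexdigest(),
               "valid_hive": len(data) >= 20 and data[:4] == b"regf"}
        if rec["valid_hive"]:
            # Base block: signature at 0, sequence numbers at 4 and 8, FILETIME at 12.
            seq1, seq2, ft = struct.unpack_from("<IIQ", data, 4)
            rec["clean"] = seq1 == seq2  # a mismatch means the hive is dirty (write not completed)
            rec["last_written"] = filetime_to_utc(ft)
        records.append(rec)
    return records

if __name__ == "__main__":
    import sys
    # Pass the mounted image's Windows directory as the first argument.
    for record in inventory_sam(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(record)
```

A copy that is present but fails the `regf` check, or whose sequence numbers differ, is worth noting in the examination record before any hive parser is run against it.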
