Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Cracking Offline Passwords

So far, we have discussed cracking passwords only for systems that are running. As an investigator or incident responder, you will frequently be faced with systems that are powered off or forensic images of such computers. Fortunately, certain tools can extract the password data from the SAM files of these computers so that you can then feed them into a password cracker, such as RainbowCrack.

A frequent use for such a technique is to defeat the Windows Encrypting File System (EFS). EFS allows data to be stored on disk in an encrypted format automatically without manual action by the user. Files with the encrypted attribute selected (as described in “Using Cain & Abel to Extract Windows Password Hashes,” later in this ...