Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Exploring Security Identifiers

Each user, group, and machine in a Windows environment is assigned a security identifier (SID). The SID is a unique identifier in that no two SIDs are the same. Windows grants or denies access and privileges to system objects based on access control lists (ACLs), which in turn use the SID to identify users, groups, and machines, since each has its own unique SID (Figure 9-36).

We have previously referred to SIDs and, in this chapter, we have made specific reference to identifying a user’s restore point NTUSER.DAT file by the user’s SID number. We’ll discuss how that is done in this section, but first let’s examine an SID and demystify that obscure set of letters and numbers. Figure 9-24 shows an SID number ...
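The following Python sketch is an added example, not code from the book. It decodes a SID from the binary form in which ACL entries store it into the familiar string form, then separates the issuing machine or domain portion from the trailing relative identifier (RID). The sample bytes and the function names `decode_sid` and `split_sid` are constructed for illustration.

```python
import struct

# RIDs that Windows reserves for built-in accounts under a machine or domain SID.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest"}

def decode_sid(raw: bytes) -> str:
    """Convert a binary SID to its S-<revision>-<authority>-<sub>... string."""
    if len(raw) < 8:
        raise ValueError("shorter than the fixed 8-byte SID header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:          # 15 = maximum sub-authorities
        raise ValueError("not a revision-1 SID")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def split_sid(sid: str) -> dict:
    """Separate the issuing machine/domain portion of a string SID from the RID."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a string SID: {sid!r}")
    rid = int(parts[-1])
    # S-1-5-21-<three values>-<RID> is an account SID issued by a machine or domain.
    is_account = parts[1:4] == ["1", "5", "21"] and len(parts) == 8
    return {
        "issuer": "-".join(parts[:-1]),
        "rid": rid,
        "builtin": WELL_KNOWN_RIDS.get(rid) if is_account else None,
    }

# Constructed sample: binary SID for a hypothetical user account with RID 1001.
SAMPLE = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 1001)

if __name__ == "__main__":
    sid = decode_sid(SAMPLE)
    print(sid, split_sid(sid))
```

Two accounts whose SIDs share the same issuer portion were created by the same machine or domain, so the RID is the part that distinguishes one account from another.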
