±Your Account
Membership:
New Today: 0
New Yesterday: 4
Overall: 24360
Visitors: 41
±Latest Articles
· Catching the ghost: how to discover ephemeral evidence with Live RAM analysis
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Go to page Previous 1, 2, 3 Next
I'm curious and definitely exposing my lack of knowledge here, because all my work is in an enterprise domain so like you local SAM files don't help - why is the SAM file not an option because it's a domain computer?
Just asking out of ignorance.
Cheers
Again possibly showing my ignorance - why can't we recover it just because it's not stored on the local computer? I'm internal corporate resource, why wouldn't I be able to get my hands on the SAM file (assuming central IT know which file it is, which relates back to an earlier comment of mine I think).
Cheers
Taurean25,
Liveview makes a Law Enforcement version that allows you to blank user name and passwords when you blow the image into a VM. If you have access to this application i would suggest using it as it will probably prove to be the quickest solution although the other suggestions could also prove successful but would likely require a significant amount of time for the Rainbow tables to break the password. Just an idea.
~N
reset passwords in domain computer virtual machine
Re: reset passwords in domain computer virtual machine
Posted: Thu Jul 05, 2012 1:57 pm
- taurean25I plan to use the passware kit. The sam file is not an option because its a domain computer
I'm curious and definitely exposing my lack of knowledge here, because all my work is in an enterprise domain so like you local SAM files don't help - why is the SAM file not an option because it's a domain computer?
Just asking out of ignorance.
Cheers
-
Cults14 - Senior Member
Re: reset passwords in domain computer virtual machine
Posted: Thu Jul 05, 2012 7:27 pm
If the image is of the domain computer then the domain password is actually stored on the domain controller isn't it? a different computer so you can't recover it that way as it's not stored on the local computer.
My network knowledge is a bit rusty these days so hopefully that's right.
My network knowledge is a bit rusty these days so hopefully that's right.
-
Adam10541 - Senior Member
Re: reset passwords in domain computer virtual machine
Posted: Fri Jul 06, 2012 7:42 am
- Adam10541a different computer so you can't recover it that way as it's not stored on the local computer.
Again possibly showing my ignorance - why can't we recover it just because it's not stored on the local computer? I'm internal corporate resource, why wouldn't I be able to get my hands on the SAM file (assuming central IT know which file it is, which relates back to an earlier comment of mine I think).
Cheers
-
Cults14 - Senior Member
Re: reset passwords in domain computer virtual machine
Posted: Fri Jul 06, 2012 8:37 am
Because, even if you got your hands on the SAM file, it wouldn't contain the domain credentials. SAM stores local accounts only.
If you want domain credentials, that's in the Security hive file within the image. If he's looking for a specific credential, it may not be there. I think it only caches a limited number of domain logins. You guys are constructing Rube-Golberg solutions.
As for using the domain controller, I doubt that another domain computers passwords would be stored there.
I do not know where the domain controller stores passwords for user accounts in the domain. I'd assume active directory, but I am unsure. It does not come up much.
If you want domain credentials, that's in the Security hive file within the image. If he's looking for a specific credential, it may not be there. I think it only caches a limited number of domain logins. You guys are constructing Rube-Golberg solutions.
As for using the domain controller, I doubt that another domain computers passwords would be stored there.
I do not know where the domain controller stores passwords for user accounts in the domain. I'd assume active directory, but I am unsure. It does not come up much.
-
twjolson - Senior Member
Re: reset passwords in domain computer virtual machine
Posted: Fri Jul 06, 2012 11:09 am
- taurean25I have created a virtual machine of a dd image using live view however I need to log into the virtual machine .
The image is from a domain computer
I have tried peter recovery disk but it was unsuccessful
Taurean25,
Liveview makes a Law Enforcement version that allows you to blank user name and passwords when you blow the image into a VM. If you have access to this application i would suggest using it as it will probably prove to be the quickest solution although the other suggestions could also prove successful but would likely require a significant amount of time for the Rainbow tables to break the password. Just an idea.
~N
-
N3o33 - Newbie
Re: reset passwords in domain computer virtual machine
Posted: Mon Jul 09, 2012 2:16 am
LiveView LE version - what about those of us not in LE? It isn't free, but has anyone used VFC2 which claims to be able to bypass Windows password requirements?
Cheers
Cheers
-
Cults14 - Senior Member
Re: reset passwords in domain computer virtual machine
Posted: Tue Jul 10, 2012 12:03 am
-
cedricpernet - Member