Any ideas on software that can work with the Active Directory database (ntds.dit)? Software that can pull users/computers, OU's, things like that?
I see Encase supports Windows Server 2k but I'm wondering about 2k3.
Also, if anyone knows any methods of viewing AD other than booting images with Live View and viewing them that way.
Thanks
I see Encase supports Windows Server 2k but I'm wondering about 2k3.
It does support 2k3 natively, but it must be "clean".
Just "View File Structure" it. If you have EDS and you ran Analyze EFS on the DC then it will decrypt the protected attributes.
There's Also a script that dumps the AD stuff
FYI, the latest version of EnCase 6.12 released last week claims to support "dirty" DB files.
Thanks guys. I'll try out these suggestions.