
Parsing/Working with ntds.dit (Active Directory database)

SleepParalysis
(@sleepparalysis)
Posts: 42
Eminent Member
Topic starter
 

Any ideas on software that can work with the Active Directory database (ntds.dit)? Software that can pull users/computers, OUs, things like that?

I see EnCase supports Windows Server 2k but I'm wondering about 2k3.

Also, if anyone knows any methods of viewing AD other than booting images with Live View and viewing them that way.

Thanks

 
Posted : 26/11/2008 12:06 am
_nik_
(@_nik_)
Posts: 93
Trusted Member
 

> I see EnCase supports Windows Server 2k but I'm wondering about 2k3.

It does support 2k3 natively, but it must be "clean".
Just "View File Structure" it. If you have EDS and you ran Analyze EFS on the DC, then it will decrypt the protected attributes.
There's also a script that dumps the AD stuff.

 
Posted : 26/11/2008 2:48 am
(@infern0)
Posts: 54
Trusted Member
 

FYI, the latest version of EnCase 6.12 released last week claims to support "dirty" DB files.

 
Posted : 03/12/2008 7:25 pm
SleepParalysis
(@sleepparalysis)
Posts: 42
Eminent Member
Topic starter
 

Thanks guys. I'll try out these suggestions.

 
Posted : 10/12/2008 12:37 am