RegRipper v2.8 available

keydet89 (@keydet89), Topic starter

If you're a RegRipper user, you may want to take a look at this blog post

http://windowsir.blogspot.com/2013/04/regripper-updates.html

thanks.

jhup (@jhup)

A continued, thank you.

(@chris55728)

Thanks Harlan, appreciated.

keydet89 (@keydet89), Topic starter

Thanks, gents…I'd really appreciate your thoughts on the updates…

Sonj (@sonj)

System Hive - ControlSet001\Control\TimeZoneInformation
Bias and ActiveTimeBias values should be interpreted as signed integers, not unsigned
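
The signed-versus-unsigned point above, as an added example that is not part of the original post and is not RegRipper code. The raw bytes are constructed sample data for a system at UTC+8, and the function names are hypothetical.

```python
import struct
from datetime import datetime, timedelta, timezone

# Constructed sample: raw little-endian REG_DWORD data as it would be stored
# under ControlSet001\Control\TimeZoneInformation for a UTC+8 system.
SAMPLE_VALUES = {
    "Bias": bytes.fromhex("20feffff"),
    "ActiveTimeBias": bytes.fromhex("20feffff"),
}


def dword_unsigned(raw: bytes) -> int:
    """The misreading: treat the 4 bytes as an unsigned 32-bit integer."""
    return struct.unpack("<I", raw)[0]


def dword_signed(raw: bytes) -> int:
    """The correct reading: a signed 32-bit integer, in minutes."""
    return struct.unpack("<i", raw)[0]


def utc_offset(bias_minutes: int) -> timezone:
    """Windows defines UTC = local time + bias, so the UTC offset is -bias."""
    return timezone(timedelta(minutes=-bias_minutes))


def local_to_utc(local_naive: datetime, raw_active_bias: bytes) -> datetime:
    """Convert a local wall-clock time to UTC using the raw ActiveTimeBias data."""
    tz = utc_offset(dword_signed(raw_active_bias))
    return local_naive.replace(tzinfo=tz).astimezone(timezone.utc)


if __name__ == "__main__":
    for name, raw in SAMPLE_VALUES.items():
        print(f"{name}: unsigned={dword_unsigned(raw)} signed={dword_signed(raw)}")
    # A local timestamp from the examined system, normalised to UTC.
    print(local_to_utc(datetime(2013, 4, 20, 7, 49), SAMPLE_VALUES["ActiveTimeBias"]))
    # The unsigned reading is not a usable offset: timezone() rejects it.
    try:
        utc_offset(dword_unsigned(SAMPLE_VALUES["Bias"]))
    except (ValueError, OverflowError) as exc:
        print("unsigned reading rejected:", exc)
```

Any system east of UTC stores a negative bias, so an unsigned reading reports a value in the billions of minutes instead of a small negative offset.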

(@dennismcr)

I think it says "password not required" when one is required on a Windows 7 Home Premium, Version 6.1, SP1 machine. This applied to 2 user accounts on the same computer.

My reasons for saying this are

Ophcrack has found a password.
There is a password hint.
There was an incorrect password logon attempt at 0749
There was a logon at 0755
The computer was seized at 0830
ForensicUserInfo also says a password is required.

Unfortunately I'm unable to VM this computer.

(@randomaccess)

Yeah, I've found ophcrack to be reliable at telling if there was a password on an account. I vaguely remember Harlan mentioning in one of his books that the "password required" doesn't relate to whether there is a password currently set, but I may be mistaken; unfortunately my copies of the books are at work so I can't check.

Unfortunately I'm unable to VM this computer.

How come you aren't able to get a VM working? Have you checked out the tutorials on justaskweg.com? I've found them incredibly helpful.

TuckerHST (@tuckerhst)

How come you aren't able to get a VM working? Have you checked out the tutorials on justaskweg.com? I've found them incredibly helpful.

Thanks for the tip on VM troubleshooting. I wasn't familiar with justaskweg.com

(@randomaccess)

How come you aren't able to get a VM working? Have you checked out the tutorials on justaskweg.com? I've found them incredibly helpful.

Thanks for the tip on VM troubleshooting. I wasn't familiar with justaskweg.com

No problem. Jimmy is also very helpful if you post a comment on his blog; he'll respond quite quickly with a potential fix.
Also, I've heard that a new version of LiveView is floating around that also might work.

keydet89 (@keydet89), Topic starter

I think it says "password not required" when one is required on a Windows 7 Home Premium, Version 6.1, SP1 machine. This applied to 2 user accounts on the same computer.

My reasons for saying this are

Ophcrack has found a password.
There is a password hint.
There was an incorrect password logon attempt at 0749
There was a logon at 0755
The computer was seized at 0830
ForensicUserInfo also says a password is required.

Unfortunately I'm unable to VM this computer.

If you're able to show/demo that the flag setting is incorrectly represented, please do so and I'll be more than happy to address it.

The "password not required" entry is a flag setting, and means simply that…that a password is not required
http://technet.microsoft.com/en-us/library/cc755423(v=ws.10).aspx

It does NOT mean that the account does not have a password…it means that if account policies are set on the system, with respect to password complexity, length, etc., that they do not apply to that account. That's all it means. Again, it does NOT mean that the account does not have a password.

There is a sidebar on Pg 93 of "Windows Registry Forensics" that addresses this setting.