Hello all,
I have been working on a Infidelity Case and the subject to extreme measures to cover his tracks. He used antivirus, Spyware, shredder programs, progarms to automatically delete history, changed his HDD from a 40GB to a 20GB, and had a number of task scheduled to clean and defrag the HDD at night.
Two of the tools he used was Glarysoft and Spybot. I have found five "Internet Explorer" zip files. Inside each are a sbRecovery.ini and sbRecovery.reg. Both are encrypted and I can't crack the password. Has anyone encountered these files is there a known password?
Next are a number of backup files created by Glarysoft with a .sfi extension
which I can't seem to view either. Can anyone help me on these?
I would like to see if there is anything I can use in these backup files.
Thanks in advance for any help you can offer.
Hi,
For the numbered files in the 'Backup' folder, try a password of 'bj2020' - I cracked one from an exhibit using this password, and one when testing on a lab machine using PRTK Dictionary attack.
Do let me know how you get on with it, as I currently have a case involving it, although I think it was just used to delete registry keys… will work on it later.
From testing, the SFI files within mine are link files from the Start Menu. Not really done any further work with it as yet.
Minesh
No luck with "bj2020"