Windows Vista Password Recovery
I am doing a forensic exam using EnCase and trying to recover user's password for Windows Vista. Can anybody send me in the right direction please? Thanks.
Here's a great guide
You'll need to download some free tables (with the opportunity to purchase more comprehensive ones - however the freebies have worked 95% of the time for me), and a couple of programs, but then you're ready to rock and roll.
Hope this helps.
It depends on the complexity of the passwords. 2 tools which are free
1)Oph Crack - Just extract the SAM and SYSTEM hive files and run OphCrack - some of the tables are free.
If the password is more complex use Ophcrack to get the NT Hash and use
2)rcrack - You'll need to download the NTLM rainbow tables though.
You could just download and run the Ophcrack LiveCD for Win Vista & boot the machine from the CD. Then follow the onscreen instructions.
+1. Did this the other day at work and it worked well. Also works for Win7
My tool of choice at the moment is Cain (http//www.oxid.it/cain.html) and a dictionary file. Theres a load of other great crackers out there like John the ripper, etc so find one you like.
Most rainbow tables only cover part of the search space, you cant rely on just them to get everything for you, you need to learn how to apply a brute force or dictionary attack when its called for, and how to get hints about what the password is likely to be. Saved passwords on the machine are great for this kind of thing, does the user tend to use his birthyear at the end of a dictionary word? That kind of thing.