There is also the old favouraite of pressing Ctrl-Alt-Del twice to invoke the Adminstrator account. Often this account is left without a password during the installation phase and is rarely rectified post installation.
Regards,
Jim
That is correct, EDS allows you to view files encrypted using EFS within Encase, but does not provide you with the user's password.
EDS does scan the autocomplete/IE, FTP and Autologon passwords and displays the found information. Autocomplete can be anaylyzed with a script. Also you can run a dictionary/bruteforce attack against the Local and Domain users' passwords.
Or you can export the PWDUMP file for the local users, so you can run rainbow over them.
Nik
Gentleman
When we are talking about cracking the WIN Log on password, is it from the "mirrir image" or the copy of the actual hard drive copy?
Just curious, as I have never yet came across this problem.
Thanks
Mark