Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump

by

The former way to acquire the Windows logon password of user is to get a NTML hash value through the Windows logon session and registry then crack it. Figure 1 shows the well-known ways to get a NTML hash value of user’s windows logon password. All of the obtained information using these methods is NTLM hash and it needs to be cracked with password crack tools. If the password is too long and even hard to crack, it is difficult to acquire the user’s Windows logon password. However, the tool called “Mimikatz” [1] has been announced in 2012 to solve the problem. It uses DLL injection on live status so that it can print out the user’s Windows logon password as a plaintext even though the password is long.

In this article, we’ll apply one of the methods used in “Mimikatz” called “extracting user’s Windows logon password using Wdigest” to memory dump, so we can help out the investigators with memory forensics…

Read More

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Eugene Liscio, founder of ai2-3D, discusses video evidence principles in the context of digital forensic investigations.

Eugene Liscio, founder of ai2-3D, discusses video evidence principles in the context of digital forensic investigations.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_fGaM--V2n64

Video Evidence Principles With Amped Software #digitalforensics #podcast

Forensic Focus 7 hours ago

Emma Pickering, Head of Tech and Economic Abuse at Refuge, discusses tech support for survivors of domestic abuse.

Emma Pickering, Head of Tech and Economic Abuse at Refuge, discusses tech support for survivors of domestic abuse.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_b6drVsyDLaw

Protecting Victims From Stalkerware And Tech-Enabled Abuse #podcast #digitalforensics

Forensic Focus 7 hours ago

Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, and Emma Pickering, Head of Tech and Economic Abuse at Refuge discuss the impact of digital forensics and incident response (DFIR) in cases of domestic abuse. They highlight the prevalence of tech-enabled abuse, such as the use of stalkerware, and the need for comprehensive support and safety plans for survivors.

Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, and Emma Pickering, Head of Tech and Economic Abuse at Refuge discuss the impact of digital forensics and incident response (DFIR) in cases of domestic abuse. They highlight the prevalence of tech-enabled abuse, such as the use of stalkerware, and the need for comprehensive support and safety plans for survivors.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_PnZ6O0fXZwI

Protecting Victims From Stalkerware And Tech-Enabled Abuse

Forensic Focus 5th December 2023 8:55 pm

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Digital Forensics Round-Up, December 07 2023
News

Digital Forensics Round-Up, December 07 2023

ByForensic FocusDec 7, 2023
Investigating A Malware Attack Using Binalyze AIR’s Investigation Hub
Articles

Investigating A Malware Attack Using Binalyze AIR’s Investigation Hub

ByBinalyzeDec 6, 2023
Introducing Oxygen Forensic® KeyDiver – A Decryption Tool For Enhanced Digital Investigations
News

Introducing Oxygen Forensic® KeyDiver – A Decryption Tool For Enhanced Digital Investigations

ByOxygenForensicsDec 6, 2023
📲 Passware Kit Mobile 2024 v1: Decryption Of Samsung MediaTek-Based Devices
News

📲 Passware Kit Mobile 2024 v1: Decryption Of Samsung MediaTek-Based Devices

ByPasswareDec 6, 2023
Detego Global Achieves City & Guilds Assured Status For The Detego Ultimate Training Programme
News

Detego Global Achieves City & Guilds Assured Status For The Detego Ultimate Training Programme

ByDetego Digital ForensicsDec 5, 2023
Experience The Power Of Binalyze AIR, Live At Black Hat Europe
News

Experience The Power Of Binalyze AIR, Live At Black Hat Europe

ByBinalyzeDec 4, 2023