Re: Forensic Trends


help...@nataxe-logistics.com

Mar 25, 2008, 3:35:07 PM
to Forens...@googlegroups.com
Can someone help me in finding a way to open messenger log files? The file extension is: sqm.
 
I need to verify the contents of these sqm files for a forensic investigation.
 
Please, if you have any idea or tools I may use to display the content, I'll appreciate it. Thanks
 
F. Theodora
 
-----Original Message-----
From: dtabone [mailto:dta...@gmail.com]
Sent: Wednesday, February 27, 2008 04:08 AM
To: 'Forensic Ideas'
Subject: Re: Forensic Trends

You might want to read up on some of the latest news here: http://www.eweek.com/c/a/Security/Researchers-Crack-BitLocker-FileVault/
"The issue is described as a design limitation that could allow practical attacks against laptops in "sleep" or "hibernation" mode"

On Feb 8, 4:39 pm, GavanS wrote:
> I am trying to gather information on Bitlocker and the problems it
> creates for forensic analysis on encrypted drives. Based on my initial
> research, it appears as though there is no backdoor solution.
> Therefore, you either have the key or you don't. Does anyone have any
> information on emerging trends, whether by law enforcement agencies or
> underground groups? Thanks.
>
> On Feb 7, 11:38 pm, "Brett Shavers" wrote:
> [...]
> > -Vista BitLocker and whole disk encryption is creating problems by
> > 'pulling the plug'
> [...]
> > Brett Shavers
> >
> > On Feb 7, 2008 8:17 PM, liusiguang wrote:
> > > I have been reading this forum for some time and it seems to be
> > > winding down. In the interest of gathering momentum again, I would
> > > like to start a thread on forensic trends.
> > >
> > > What do you see as the 'next big thing' in forensics? There is
> > > considerable movement in the direction of small scale digital device
> > > forensics, for example.
> > >
> > > Another question: what tools would you like to see developed?
> > >
> > > What are your needs?
> > >
> > > Regards,
> > >
> > > Sam Norris

Israel Torres

Mar 26, 2008, 7:18:24 PM
to Forens...@googlegroups.com
Messenger Log Pro states it saves in the same format as Messenger Live - may be worth a look:
http://formessengers.com/mlog.htm
http://www.foryoursoft.com/download/mlogpro6.exe

Israel Torres
--
Earth below us / drifting falling / floating weightless /coming coming home.../ hackersoffaplane.org

All systems gone! Prepare for downcount!

Geoffrey Alexander

Mar 28, 2008, 7:15:51 AM
to forens...@googlegroups.com

Have you tried Notepad?

Open the file with Notepad, copy & paste the content into Word or similar, select recurrent strings of garbage and 'Replace All' with a string of symbols (8888 works well) and re-run replacing the dummy code with a space.

Many kinds of unreadable data can be straightened out using this technique.

Sorry to those who use this all the time, I suppose I'm showing my limitations but it's the only suggestion I can come up with.

I haven't any sqm files on my machine so can't experiment.

Let us know if you find the answer please.

Geoffrey.
________________________________
> From: help...@nataxe-logistics.com
> To: Forens...@googlegroups.com
> Date: Tue, 25 Mar 2008 19:35:07 +0000
> Subject: Re: Forensic Trends

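As an added example (not from Geoffrey's post or any tool mentioned in the thread), the same "strip the garbage and read what is left" idea done programmatically: a small Python script that pulls printable ASCII and UTF-16LE runs out of an arbitrary binary file and renders a dot-for-garbage view, without ever modifying the file. The SAMPLE bytes are constructed for the demonstration and are not a real SQM file; nothing here assumes the SQM format.

```python
import re
import sys

# Minimum run length of printable characters worth reporting (as `strings -n`).
MIN_LEN = 4


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Return (offset, encoding, text) tuples, sorted by offset, for every run
    of at least `min_len` printable characters in `data`.

    Both 8-bit ASCII and UTF-16LE (each character followed by a NUL byte) are
    searched, because Windows applications commonly store log text as UTF-16LE,
    which a plain-text editor shows as letters separated by garbage."""
    ascii_re = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e\t]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
              for m in utf16_re.finditer(data)]
    return sorted(found, key=lambda t: t[0])


def readable_view(data: bytes, width: int = 32) -> str:
    """Render `data` in rows of `width` bytes with every non-printable byte
    shown as '.', so embedded text can be read in context (the scripted
    equivalent of replacing runs of garbage in an editor)."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        text = "".join(chr(b) if 0x20 <= b <= 0x7e else "." for b in chunk)
        rows.append(f"{off:08x}  {text}")
    return "\n".join(rows)


# Constructed sample bytes (not a real SQM file): binary junk around one ASCII
# field, one UTF-16LE field and one run too short to be reported.
SAMPLE = (
    b"\x00\x01\x02\xff"
    + b"SessionStart=2008-03-25T19:35:07Z"
    + b"\x00\x00\x10\x7f\x80"
    + "Messenger".encode("utf-16le")
    + b"\xde\xad\xbe\xef"
    + b"ok\x00\x00"
)


def main(argv):
    # Read the file named on the command line (or the constructed sample) in
    # binary mode; the evidence file itself is only read, never written.
    data = open(argv[1], "rb").read() if len(argv) > 1 else SAMPLE
    for offset, enc, text in extract_strings(data):
        print(f"{offset:08x} {enc:8} {text}")
    print(readable_view(data))


if __name__ == "__main__":
    main(sys.argv)
```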

cf5 org

Mar 31, 2008, 9:11:44 AM
to Forens...@googlegroups.com
SQM = Service Quality Monitor, Israel is right.

2008/3/27, Israel Torres <vfenry...@gmail.com>:

help...@nataxe-logistics.com

Mar 31, 2008, 11:11:04 AM
to Forens...@googlegroups.com
Has someone worked on a case in the past regarding investigating whether a suspect has been the one using his PC with an internet connection for around 3 hours? The problem is to prove that he has been the one really using the computer, including the internet connection (modem), for the 3 hours. He has been convicted because the judge said that it could also have been someone else working with the computer during the 3 hours. The crime took place during that time.
 
Any suggestions on how to approach this case? I have already been working on it, but up to now it has been hard to get the necessary data, although I have some.
 
Regards,
Franklin

help...@nataxe-logistics.com

Mar 31, 2008, 11:00:31 AM
to Forens...@googlegroups.com
Yes, I tried notepad. But it didn't work.
 
I will send you some sqm files later today.
 
Franklin
-----Original Message-----
From: Geoffrey Alexander [mailto:h1eve...@hotmail.com]
Sent: Friday, March 28, 2008 07:15 AM
To: forens...@googlegroups.com
Subject: Forensic Trends: SQM files

Israel Torres

Mar 31, 2008, 2:01:56 PM
to Forens...@googlegroups.com
From my viewpoint only multi-factor authentication using biometrics requirements could help in proving anything that would require it to be in the user's possession and knowledge at any particular moment in time... other than that anyone could type in someone's password they left on a sticky somewhere or a smartcard with a PIN written on it... of course anything can be spoofed. It is my understanding that such granularity currently doesn't exist in proving that the owner is the user of the machine at any point in time... which I may also note is why the RIAA is failing in their proceedings.

Israel Torres

help...@nataxe-logistics.com

Mar 31, 2008, 4:09:07 PM
to Forens...@googlegroups.com
Thanks Israel.
 
This person insisted that he has been chatting during these 3 hours with at least 2 persons. The only way that we can have the case re-opened is to prove that he has e.g. been chatting. But up to now it is very difficult to find any log (artifacts) or part of a log that I can analyse to see if it contains any chat data/info from that particular night.
 
Franklin

Israel Torres

Mar 31, 2008, 5:34:26 PM
to Forens...@googlegroups.com
Have you checked with the server? Perhaps they have logs of the connections and/or conversations. It wasn't made clear which chat client they were using and if it is a commercial or private one. If the client logs aren't enabled by default (and most aren't) and if they weren't enabled then you pretty much are going to have to hope that either 1. someone installed a keylogger on their machine and recorded the information you seek and it is somewhere on the drive, or 2. the server has a log of the connections and disconnections and/or a record of the conversations. Other than the logs or evidence of these artifacts existing, can't the parties involved testify that they were indeed chatting with this individual during this window of time?

Israel Torres

Nigel Young

Mar 31, 2008, 7:50:49 PM
to Forens...@googlegroups.com
If the chat system was MSN Messenger (under any of its various names) then it uses the MSN Password login system (shared with Hotmail) and the login time will have been recorded on the Microsoft US servers. The logout time and the reason for logout (e.g. timeout) should be recorded as well.
 
If there is a three hour interval between login and logout and little or no other relevant use (essentially Hotmail use) in that period then this is consistent with the user chatting for that time.
 
If the user knows the hotmail addresses of the people with whom he was chatting then you could try to find their login/logout times as well.
 
I presume that you have evidence to demonstrate the start and end of the telephone call via the modem (lucky to be using old technology). If these times match the MSN login/logout times then you have supporting evidence not only that someone was using the computer at these times but that he knew the Hotmail account's password. You also have confirmatory evidence from the other users even without logs of the chat contents.
 
You could also look at last modified times of files fsr*.log 
 
Nigel Young
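An added example, not from Nigel's post: the cross-source time correlation he describes, scripted in Python. It takes session intervals from two independent records (the dial-up call record and the Messenger login/logout record) plus timestamps of other activity on the machine, and reports the overlap and whether the boundaries of the two records agree within a tolerance; a call with no matching chat session is reported as unmatched. All records and field names below are constructed for illustration and do not reflect any provider's log format.

```python
from datetime import datetime, timedelta

# Constructed records (not from any real log): (start, end) in UTC, ISO 8601.
MODEM_CALLS = [
    ("2008-03-25T19:02:00", "2008-03-25T22:05:00"),  # dial-up call covering the night in question
    ("2008-03-26T08:00:00", "2008-03-26T08:30:00"),  # a later call with no matching chat session
]
MSN_SESSIONS = [
    ("2008-03-25T19:06:00", "2008-03-25T22:04:00"),  # Messenger login .. logout
]
# Timestamps of other activity on the machine (e.g. web history), constructed.
OTHER_ACTIVITY = ["2008-03-25T19:10:00", "2008-03-26T08:05:00"]

TOLERANCE = timedelta(minutes=10)  # how closely the two records' boundaries must agree


def parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def overlap(a, b) -> timedelta:
    """Duration shared by two (start, end) intervals; zero if they do not overlap."""
    start, end = max(a[0], b[0]), min(a[1], b[1])
    return max(end - start, timedelta(0))


def corroborate(calls, sessions, activity, tolerance=TOLERANCE):
    """For each dial-up call, find the chat session that overlaps it most and
    report how well the two independent records agree.

    Returns one dict per call with the overlap in minutes, the gaps between
    call and session boundaries, whether both gaps fall within `tolerance`,
    and how many other activity timestamps fall inside the call window."""
    calls = [(parse(s), parse(e)) for s, e in calls]
    sessions = [(parse(s), parse(e)) for s, e in sessions]
    activity = [parse(t) for t in activity]
    report = []
    for call in calls:
        best = max(sessions, key=lambda s: overlap(call, s), default=None)
        shared = overlap(call, best) if best else timedelta(0)
        entry = {
            "call": call,
            "session": best if shared else None,  # timedelta(0) is falsy
            "overlap_minutes": int(shared.total_seconds() // 60),
            "other_activity": sum(call[0] <= t <= call[1] for t in activity),
            "boundaries_agree": False,
        }
        if entry["session"]:
            login_gap = abs(best[0] - call[0])
            logout_gap = abs(call[1] - best[1])
            entry["login_gap_minutes"] = int(login_gap.total_seconds() // 60)
            entry["logout_gap_minutes"] = int(logout_gap.total_seconds() // 60)
            entry["boundaries_agree"] = (login_gap <= tolerance
                                        and logout_gap <= tolerance)
        report.append(entry)
    return report


if __name__ == "__main__":
    for e in corroborate(MODEM_CALLS, MSN_SESSIONS, OTHER_ACTIVITY):
        print(e)
```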

help...@nataxe-logistics.com

Apr 2, 2008, 10:51:44 AM
to Forens...@googlegroups.com, nigel...@computer-expert.co.uk
I'm trying to get to know the contents of not only the chat logs but also the sqm log files.
 
As I get to know, the sqm log files do have info regarding start and end time and other info important for Microsoft. This info can be key evidence for the case together with the chat log files.
 
Up to now the info regarding the fact that he has been chatting with two other persons has not been accepted during the trial, and also the fact that he has been using the computer for 3 hours.
 
That's why I need "hard" evidence to make it possible to re-open the case.
 
Any other help is welcome.
 
Regards,
Franklin Theodora

JAY

Apr 12, 2008, 2:07:42 PM
to Forens...@googlegroups.com
They are Windows Live Messenger log files (stands for Service Quality Monitoring files). They are safe to delete, but it is unsure how to stop them from appearing.

I think if you use the final version, and not a beta, they may stop being produced?
Also try unchecking the customer experience program option that can be found under Tools->Options.
Software Quality Metrics data collection files are not necessarily related to Windows Live Messenger. They can be made by other MS related products too.

On Tue, Mar 25, 2008 at 12:35 PM, <help...@nataxe-logistics.com> wrote:

Israel Torres

Oct 4, 2008, 2:15:53 PM
to Forens...@googlegroups.com
http://msnshadow.blogspot.com/
MSN Shadow is an instant messaging forensics tool to analyze and to inject
traffic in the MSN protocol. It has features such as:
 * Decoding of text conversations
 * Decoding of video conversations
 * Spoofing messages
 * Hijacking sessions
 * Shutdown users
 * Reports in HTML format
 * Save video stream in AVI format
 * Capture of contacts list
 * Reading of pcap files

This came across the wire this morning.

download from http://sourceforge.net/projects/msnshadow

Israel Torres
--
Use Public Key: 0xDFA6126C
... laughing and licking and sleeping! Dancing hax0rs in lust!


Geoffrey Alexander

Apr 6, 2009, 12:00:27 PM
to forens...@googlegroups.com
Dear Forensic Ideas,
Can anyone answer this question: is there such a thing as a programme that can track an IP address across the Internet, showing all the sites that a particular computer has visited?
Many thanks,
Geoffrey Alexander


Larry Moss

Apr 6, 2009, 3:17:00 PM
to Forens...@googlegroups.com
If you are looking at a particular computer you can view the Index.dat file to determine where the user visited. As far as following an IP address, you would run into issues at the gateway where the packet leaves the network because the internal IP may be changed to reflect that of the gateway router.

Max

Apr 6, 2009, 5:33:14 PM
to Forens...@googlegroups.com
there is no such thing, Big Brother!

Unless you hack the guy's computer but I'm pretty sure it's not legal... ;)

amy hyche

Apr 28, 2009, 10:20:02 PM
to forens...@googlegroups.com
HELLO,
 Is it possible to bypass or retrieve a Windows password, without changing or resetting it?
 

Date: Mon, 6 Apr 2009 23:33:14 +0200
Subject: Re: IP tracking software
From: maxime....@gmail.com
To: Forens...@googlegroups.com

Liu Si Guang

Apr 29, 2009, 7:55:26 AM
to Forens...@googlegroups.com
There are a number of ways - the method is straightforward, your reasons for doing so may quickly cross over into the illegal area. Please provide more information.
lsg

From: amy hyche <amyd...@live.com>
To: forens...@googlegroups.com
Sent: Tuesday, April 28, 2009 10:20:02 PM
Subject: RE: IP tracking software

Geoffrey Alexander

Apr 29, 2009, 6:48:40 PM
to forens...@googlegroups.com
According to this search result, iOpus Password Recovery should do the trick:

iopus.com/password_recovery.htm

There are other tools too:

loginrecovery.com
windowspasswordforgot.com

about.com:
Ophcrack Windows password cracker "is by far the best free Windows password recovery tool available"
about.com (cont):
"Offline NT Password & Registry Editor works basically the same as PC Login Now in that it erases your Windows password instead of recovering it. You can then simply log in to your account without entering a password."

The question is, can anyone use these programmes on any computer?

Geoffrey.


From: amyd...@live.com
To: forens...@googlegroups.com

Subject: RE: IP tracking software
Date: Tue, 28 Apr 2009 22:20:02 -0400

amy hyche

Apr 30, 2009, 3:24:43 PM
to forens...@googlegroups.com
I think someone has been on my laptop. I have a desktop I use most of the time, the laptop is mostly for use when I'm out of town. Mysteriously, I cannot locate the Windows CD, which I thought was in a locked file drawer in my home office, and I don't remember creating a backup disk. There is a new user account I don't remember creating, or have access to. But my original password works, but I don't remember the admin password, so that's why I was wondering if someone could bypass, or somehow retrieve, my Windows password without changing it.
 

Date: Wed, 29 Apr 2009 04:55:26 -0700
From: liusi...@yahoo.com

Subject: Re: IP tracking software

dsoftware

May 1, 2009, 12:02:49 PM
to Forensic Ideas
Is it possible that the Admin Password is blank?



On Apr 30, 2:24 pm, amy hyche <amyde...@live.com> wrote:

M. Storm

May 1, 2009, 10:28:00 PM
to forens...@googlegroups.com
If you are able to Login using the GUEST ACCOUNT; you can then run this keyfinder:

http://downloads.sourceforge.net/keyfinder/keyfinder.2.0.1.zip?use_mirror=osdn
 
If you do not have a guest account available then this software will allow you to blank the admin password:
 
http://home.eunet.no/pnordahl/ntpasswd/
 
Do read the FAQ and other available support pages before attempting this because the software boots into a minimal Command Line Linux environment and could be a little scary if you have not used DOS in the past. Lots of luck
Dan
Subject: RE: IP tracking software
Date: Thu, 30 Apr 2009 15:24:43 -0400

Geoffrey Alexander

May 6, 2009, 8:56:03 AM
to forens...@googlegroups.com
If by-passing or cracking Windows passwords is as easy as this, why bother setting them up at all?

Am I the only one to conclude that even a novice 'hacker' could access any 'password-protected' computer?
- Geoffrey.


From: mindst...@hotmail.com

To: forens...@googlegroups.com
Subject: RE: IP tracking software
Date: Fri, 1 May 2009 22:28:00 -0400

liusiguang

May 6, 2009, 9:12:23 AM
to Forensic Ideas
I usually stay out of these discussions, however...

Let me ask you this - do you lock your house when you leave? your car?
Probably not, even though it is simple to bypass either. The
information is out there and if you apply enough energy, you can
acquire that information.

Assuming your answer to the above questions was "No", let's examine
the idea of '...a novice hacker..." breaking into any system. The
password mechanism is straightforward. The strength of a password is
in its length and complexity. A strong password would be able to
withstand a bruteforce attack long enough to render that kind of
attack useless. Crack times for a strong password are measured in
centuries with current hardware technologies.

Most people, however, do not use strong passwords, so the tools
mentioned work. The tradeoff is usually convenience - a short log-on
password that has meaning to the individual is most often used, and
the same password is used for other things as well.

This thread originally started with someone asking for help - and they
have received it. As we have not heard back, it must be assumed that
one of the suggestions worked, or the original request was not exactly
what it appeared to be.

OK - I feel better now...

Regards,

LSG

On May 6, 8:56 am, Geoffrey Alexander <h1ever1b...@hotmail.com> wrote:

Israel Torres

May 6, 2009, 10:01:46 AM
to Forens...@googlegroups.com
Novice? Hacker? Hardly... 

I frequently set up penetration challenges for my sons (ages 10/12) to build their skill set. They figured this out a year or two ago with the plethora of bootable SAM rt/crackers out there that slice through the system from 10 seconds to 30 minutes depending on which technique is applied. 

Give someone a disk, pop it in and it does it all itself - it's so easy even a caveman can do it. (I had to say it).

Why set them up at all you ask? Well... you basically are relying on security through obscurity, keeping an honest man honest, and just raising the bar about a few centimeters... this mutt of a breed is what the world has been relying on - and why it gets pwn3d so often. :)

Israel Torres 

Jeremy Pullicino

May 7, 2009, 10:14:23 AM
to Forens...@googlegroups.com
Hi,

My 2 euro cents worth...

These methods assume you have physical access to the system - passwords do a good job of protecting access via the network/internet.

When your 'enemy' has physical access to the system there is very little you can do - if he wants he can steal your hard disk, or even destroy the computer - no passwords will protect from that...

If you have sensitive files on your PC then I recommend either storing them in a secure remote location, or using strong encryption on the files (note: EFS is not a good idea).

Best regards,
Jeremy Pullicino
Security Consultant

Stefan Engelbert

May 7, 2009, 12:28:27 PM
to Forens...@googlegroups.com

Why is EFS not a good idea?

 

From: Forens...@googlegroups.com [mailto:Forens...@googlegroups.com] On Behalf Of Jeremy Pullicino
Sent: Thursday, May 07, 2009 4:14 PM
To: Forens...@googlegroups.com
Subject: Re: IP tracking software
