Windows Registry Forensics - Advanced Digital Forensic Analysis of the Windows Registry by 2011

Author:2011 [2011]
Language: eng
Format: epub, mobi
Published: 2011-09-09T02:33:34.721000+00:00


Chapter 3 Case Studies: The System

Figure 3.5 Selecting Syskey Decoder in Cain Tools menu

Figure 3.6 Boot key selected

When the Syskey Decoder dialog appears, select the button with the three dots in the “Boot Key (HEX)” box and navigate to the System hive that you extracted from the image. Once the file is selected, click Open in the Open dialog, and the “boot key” will appear in the text field, as illustrated in Figure 3.6.

Select the boot key and hit Ctrl-C, copying the boot key to the clipboard, and then click Exit in the Syskey Decoder dialog. Next, in the main Cain window, click the Cracker tab, and then highlight “LM & NTLM Hashes” in the left-hand pane, as illustrated in Figure 3.7.

Now, click the blue plus sign that is located directly above the Sniffer tab. If the plus sign is grayed out, try clicking on NTLMv2


