Windows Forensic Data Recovery

Discussion in 'Software' started by Nicb, 16 Jul 2009.

  1. Nicb

    OS is Vista SP1.

    I have a neighbor that has been a customer of mine for a while building/repairing her computers for a few years. Her 14yr old daughter has gotten herself in trouble with the law and has had 3 boyfriends over the age of 18yrs old.

    She has asked for me to collect and recover any useful data deleted or not off of her computer for the court. TestDisk & PhotoRec (Bless its little heart :D) has helped me recover and "uncorrupt" massive amounts of data. (Highly advise it) Pictures and Docs.

    I have many programs that recover usernames and passwords that are very useful. When you recover data it needs to be copied to a separate drive for best results and not have anything overwritten.

    My question is for anyone that is experienced. How do you reestablish passwd history so my other programs can find them? For things like IM, MSN, IE history. She cleared her history with "advanced options" on last session.

    I wished she had a password for her Windows Admin, a protected doc, or I could have easily extracted the data from RAM sticks if the PC wasn't cold from being shut down for 3 days. Then I could easily work off that since most people use the same or variations of the same password.

    I'm at a loss. I always get the passwords. First time to do this and not recover them. :eyebrow:
     
  2. Loom

    Sorry can't help you but I am interested in knowing what other programs you use for data recovery.
     
  3. BentAnat

    There is a tool that resets Windows Admin passwords (works on Vista - used it before), just, I can't recall the name... and I doubt that's what you're looking for....

    Other than that, Vista is pretty secure...
     
  4. Silver51


    Offline NT Password & Registry Editor resets admin and user passwords, but only for system accounts.

    I'd be looking to use the recovery software to restore cookies and analyze the session data in them. Either that, or for MSN go to www.hotmail.com and hit up the 'Forgot your password?' button and see if the mother can answer the secret question. With a new password you'd be able to access her MSN account.

    Edit: for IE history, look for (or try to restore) index.dat files. I can't remember if IE8 even uses them anymore, but opened in notepad it'll give you a browsing paper trail to follow.
     
  5. thehippoz

  6. Burnout21

    I would hate to think what you're finding in terms of pictures!!
     
  7. MaverickWill

    My only suggestion is the "Forgot your password?" option from hotmail.com that silver suggested. Of course, depending on how the email address is set up, this could either be a secret question/answer (and chances are at 14, the girl won't have a terribly hard one, i.e. her mother should be able to guess it), or an email to another account with the password. The latter's more awkward, as it doesn't give you the email address (at least, I don't think so), but if it's the girl's only email address, then the last option can be fairly safely ruled out.

    Out of interest, if you're this woman's neighbour (and I'm assuming, friend), why have you been asked to get information from a computer if it's a matter involving the law? Don't the police normally do this thing?
     
  8. Burnout21

    Sounds more like a civil pursuit to me, therefore I don't think the police are generally involved. Just lawyers, and a court date.
     
  9. Nicb

    Woo guys sorry. I gave up on this post a few days ago thinking no one would respond. Thanks for the responses. I logged in today and see I have private messages and posts. Haha what a surprise.

    Not going to get too personal with my client/neighbor's issue but it is juicy huh? One guy is 23yrs old. The others definitely over 18. She's 14 but looks 22 or older. I would be oiling the gun if it was my daughter. j/k She got in some trouble but nothing to do with her PC. The mother just wants me to prepare her for any decisions they make about these things, and as we all know, nothing is more personal than your PC.
    I was able to get into her Myspace account at least. The data recovery of personal pictures, cam pics, website images, documents, provided enough evidence about her activities. The mother was limited to the time she could pay me. If she wants more later I could give it another go. But just the data recovery, corruption fix, and duplicate management took over six hours. I felt I found enough and ran out of time, so I did not work on it anymore. One of my posing problems was everything I did needed to go undetected by her daughter for when she came back from her relatives' house and got back on her PC. Limited my options.

    Some personal programs I like;

    This program will bypass and go straight to the data and recover it. Also good for damaged non-bootable HDD. PhotoRec will un-corrupt pictures.
    TestDisk & PhotoRec
    http://www.cgsecurity.org/wiki/TestDisk_Download

    I'm sure everyone knows about Ophcrack. But there is another program out there that does not find the password but just lets you bypass it to get into a user profile called Kon-Boot. Good for stealth and sooo easy.
    Kon-Boot
    http://www.piotrbania.com/all/kon-boot/

    If anybody really has legitimate reasons to use any other type of methods and would like to take the time to learn some stuff I found Hak5 to be informative. They just had two episodes about "cold boot attack" on RAM, it's easy to pull off.

    http://revision3.com/hak5

    Also you can message me if it's for good reason.
    Otherwise I found two things about people's PC use. It's either boring, or you don't want to know. Leave your family and friends alone. ;)

    Thanks, Silver51, thehippoz, and the rest of you.

    PS. Yes there were nude pics, I had to use my Eraser and option Gutmann 35 pass to get rid of them. Can't have recoverable pics on my portable HDD next time I travel. Haha
     
  10. BentAnat

    Glad you came right... I am, however, fighting the urge to derail this thread ... ;)
     
  11. Jumeira_Johnny

    why? do it do it do it
     
  12. BentAnat

    Jumeira: as you wish...

    Pics or it didn't happen...
     
  13. dave_salmon

    lol....even though I get the irony of saying this I am waiting for one of you to say "Tits or GTFO" haha

    Just got to ask man, what the hell do you do for a living?

    +rep for the help on the PM btw!
     
