Understand Microsoft Authentication in this article When users log in to the Windows pc, a series of steps is performed for user authentication. The Windows OS authenticates its users with the help of 3 mechanisms (protocols) provided by the Microsoft. SAM database Windows uses the sam info to manage user accounts and passwords within the hashed format (one-way hash). The system doesn’t store the passwords in plaintext format however stores them in hashed format in
Password Cracking Techniques in this article explain different types of password cracking techniques and tools. There are three popular techniques for password cracking: Method 1: Dictionary Attacks In a dictionary attack, a dictionary file is loaded into the cracking application that runs against user accounts. A dictionary is a text file that contains a number of dictionary words or predetermined character combinations. The program uses every word present in the dictionary to find the password.
Anti-Forensics Techniques: Password Protection in this A password refers to collection of words, letters, numbers, and/or special characters used for security processes such as user authentication or to grant access to a resource. The password ensures that unauthorized users do not access the computer, network resources, or other secured information. In addition, data files and programs may require a password. Password protection shields information, protects networks, applications, files, documents, etc., from unauthorized users. Many organizations
Recovering Deleted Partitions in this article explain how to recover delete partition and which of the tools using in it. What happens when deleting a partition? When a user deletes a partition from a hard disk drive, two things are possible: All data will be lost on that deleted partition or logical drive. In the case of a dynamic disk, deleting a partition can delete all the dynamic volumes on the disk, leaving the disk
Understand File Recovery in Mac OS X, MAC and Linux in this article explain Mac OS X, MAC and Linux file recovery methods and tools. In Mac OS X, data deletion can be possible due to the following reasons: Emptying the Mac Trash folder Using the Shift+Del keys Corruption in a hard drive Virus or Trojan Infection Unexpected system shutdown Software or hardware malfunction Recovering deleted files in Mac OS X has three methods: 1.
File Recovery Tools: Windows in this article explain different types of tools which are using in file recovery of windows. 1. Recover My Files Source: http://www.recovermyfiles.com Recover My Files data recovery software recovers deleted files emptied from the Windows Recycle Bin and files lost due to the format or corruption of a hard drive, virus or Trojan infection, and unexpected system shutdown or software failure. Features: Recovers files albeit emptied from the Recycle Bin data
Understand Anti-Forensics Techniques are the actions and methods that hinder the forensic investigation process in order to protect the attackers and perpetrators from prosecution in a court of law. These techniques act against the investigation process such as detection, collection, and analysis of evidence files and sidetrack the forensic investigators. These techniques impact the quality and quantity of the evidence of a crime scene, thereby making the analysis and investigation difficult. Anti-forensic techniques, which include
Understand Anti-forensics and their goals, also referred to as counter forensics, may be a set of techniques that attackers or perpetrators use so as to avert or sidetrack the forensic investigation process or attempt to make it much harder. These techniques negatively impact the number and quality of evidence from a criminal offense scene, thereby making the forensic investigation process difficult. Therefore, the investigator may need to conduct a few more additional steps so as
Understand Acquiring RAID Disks may be challenging for forensics examiners due to the RAID system design, configuration, and size. The greatest concern is the size of the RAID system, as many systems are growing into many terabytes of data. Copying small RAID systems to one large disk is possible with the availability of larger disks. Investigators should use a proprietary format acquisition with compression to store more data in small storage capacities. Acquiring RAID Disks
Understand Linux Standard Tools in this the forensic investigators use built-in Linux command dd to copy data from a disk drive. This command can create a bit-stream disk-to-disk copy and a disk-to-image file. It can copy any disk data that Linux can mount and access. Forensic tools like AccessData FTC and Hook, can read dd image files. In Linux, the advantage of dd command is its independence on any additional computer resources. The dd command
