Re: LophtCrack and SAM Passwd

[jm <jm () hcn com au>]

Hi Bill,

I'm not a lawyer, but first thing i'd be doing is taking an image of the 
disk with dd or similar, and working on the image rather than the 
original disk, otherwise its use as evidence might be compromised.

Cheers,

Jason

William Woodhams wrote:
> I have a system that recently got hacked and the passwords on the
> machine were compromised.  I want to get back into this system for
> forensic reasons.  Unfortunately when I dumped the SAM file and tried
> cracking it with LophtCrack nothing worked.  I ran it for a good 10
> hours with no success on any account.  I was thinking maybe my word list
> was not big enough.  So the questions are:
>
> A.  Anyone have any good sources for large word lists?
> B.  Any other application for cracking SAM's that I have not thought of?
> I have ran it through a couple smaller security apps (names escape me at
> the moment.)
>
> Thanks,
>
> Bill Woodhams
>
>
>