Recovering Windows Secrets and EFS Certificates Offline

By ,   @WOOT 2010
Based on our reverse-engineering, we show how DPAPI, the Windows API for safe data storage on disk, works. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous password extraction in a free and open-source tool called DPAPIck.