ForensicUserInfo
-
Price$0
- Website
ForensicUserInfo is a GUI tool that allows you to import registry files (requires the SAM, SOFTWARE and SYSTEM hives) and then extracts the user information from the various files and then decrypts the LM/NT hashes from the SAM file.The application can export the information to either CSV or HTML.
This would not have been possible without the posting at the Push the Red Button blog regarding the SYSKEY and the SAM file. The process used to encrypt/obfuscate the password hashes is a joke, in that it is over the top, since once you have the files (SAM and SYSTEM) then you can get the hashes.
ForensicUserInfo will extract the following information:
RID
Login Name
Name
Description
User Comment
LM Hash
NT Hash
Last Login Date
Password Reset Date
Account Expiry Date
Login Fail Date
Login Count
Failed Logins
Profile Path
Groups
Add a review