DennisMcr wrote:
I think it says "password not required" when one is required on a Windows 7 Home Premium, Version 6.1, SP1 machine. This applied to 2 user accounts on the same computer.
My reasons for saying this are:
Ophcrack has found a password.
There is a password hint.
There was an incorrect password logon attempt at 07:49
There was a logon at 07:55
The computer was seized at 08:30
ForensicUserInfo also says a password is required.
Unfortunately I'm unable to VM this computer.
If you're able to show/demo that the flag setting is incorrectly represented, please do so and I'll be more than happy to address it.
The "password not required" entry is a flag setting, and means simply that...that a password is not required:
http://technet.microsoft.com/en-us/library/cc755423(v=ws.10).aspx
It does NOT mean that the account does not have a password...it means that if account policies are set on the system, with respect to password complexity, length, etc., that they do not apply to that account. That's all it means. Again, it does NOT mean that the account does not have a password.
There is a sidebar on Pg 93 of "Windows Registry Forensics" that addresses this setting.
↧