Accessing locked OS

[MGCS]

Hey all,

I was called recently by a client who buys/sells used goods from auction, like storage wars or auction hunters! She bought a locker that had a laptop in it and gave me a shout asking about getting inside it and evaluating the contents before doing a nuke / pave. I've had some tools on hand for bypassing the login for a bit, but i've never actually had to use them. Just freeware stuff I decided to add to my suite of tools a long while back, nothing has ever been tried or tested.

I didn't get any info on the OS or anything, but just figured i'd drop in and ask in general about the process and if anyone had some good pointers. Any specific tools for getting through login on XP, Vista, 7 etc. would be awesome.

I figured if I couldn't actually find any reliable tools, i'd just pull the HD and copy the contents onto my bench to do a quick overview before wiping the system. I'd like to think of it as a last resort though because i'm pretty interested in doing a sort of 'hack job' if you will

Sounds like fun! Let me know your thoughts.

 

[tf76]

I would like to give you an answer but unfortunately I want you to do a search through the forums more. This has been discussed a lot through the years.

Regards,

 

[mikemcg]

KonBoot will allow you to bypass any windows passwords.

Hard Drive or boot passwords are another matter.

 

[Martyn]

Id be wary giving people access to other people's data even if they got the laptop legitimately

 

[katz]

gave me a shout asking about getting inside it and evaluating the contents before doing a nuke / pave.

I don't understand why she feels the need to view the previous owner's data? If it were me, I would run a HD test first to ensure the health of the drive & then move on to a nuke/pave.

 

[lcoughey]

To put it into perspective, it is like saying, "my client found a bank card inside the locker she bought, can you tell me how to hack the PIN so I can see how much money is in the account?" The drive should be securely erased and tested before being used by the buyer. If they are concerned about giving it back to the original owner, I'm sure that they could drop it off at their local police station and allow them to figure it out.

 

[bitznpcz]

I agree with the above. This would be an offence in the UK in contravention with the Computer Misuse Act 1990 section 1 "unauthorised access to computer material". Laws in other countries vary, but not worth the risk...

 

[cypress]

I would be weary about this myself. If they got it legit then the info inside shouldn't worry them. Proceed with caution on this.

 

[lcoughey]

Further to my post, it should be noted that the drive could contain illegal material such as Child Porn. Another solid reason to wipe the drive ASAP.

 

[Markverhyden]

Agreed. Just because she got the computer does not mean she can legally use the documents and programs on the computer. Granted it's a laptop so the OS goes with the laptop. But other apps registered in the former owner's name or some other user are not her's. That would represent EULA violations.

So it's a nuke and pave. And properly nuked so there could be no chance of data recovery.

 

[MGCS]

Thanks all, I appreciate the insight on this.

 

[bitznpcz]

Here's some useful terminology from the Elcomsoft website:

Password recovery Programs - Legality

Password recovery programs offered on this Site are designed for legal purposes and they are legal as long as you use them for legal purposes. Thus, you can use ElcomSoft products provided that you are the legal owner of all files or data you are going to recover through the use of our software or have the right or permission from the legitimate owner to perform these acts. Any illegal use of our software will be solely your responsibility.

Accordingly, you affirm that you have the legal right to access all data, information and files that have been hidden.

You further attest that the recovered data, passwords and/or files will not be used for any illegal purpose. Be aware that illicit password recovery and the data decryption of unauthorized or otherwise illegally obtained files may constitute theft or another wrongful action and may result in your civil and/or criminal prosecution.

Perhaps Bryce could incorporate a Password Removal work order in the TN Business Kit v4 for us all to use??

 

[citizensmith]

This would be an offence in the UK in contravention with the Computer Misuse Act 1990 section 1 "unauthorised access to computer material".

?
If the OP is now the legal owner buy buying the container + contents then no foul IMHO. As for viewing the contents - no thanks. Just nuke it or delete profile \ old user data.

 

[frase]

Um NO I wouldn't go near it or deal with goods from this client again. The reason being legality, and legal action if something is found can come back to you. Why does the person need to access data which is not theirs?