
Posted (edited)

I used KonBoot in the past, but did not have much luck with it.

Not as effective as Ophcrack is.

Bear in mind that Ophcrack has limitations. So if you want to have a good rate of success when cracking passwords, you are better off generating your own rainbow tables, or you can buy the tables.

http://www.freerainbowtables.com/

http://project-rainbowcrack.com/

Edited by Infiltrator
Posted
> which will not write anything to the actual disk

Kon-boot patches memory. I don't think it ever touches the disk. I've had problems with Kon-boot on some machines too. I'm hoping they'll come out with an improved version soon (my 6 month whatever's expiring). Kon-boot is still very useful, being the only one of its kind to completely bypass the need to enter a password at logon... and it does it quickly... a lot faster than dealing with booting live CDs.

Posted (edited)
> Kon-boot patches memory. I don't think it ever touches the disk. I've had problems with Kon-boot on some machines too. I'm hoping they'll come out with an improved version soon (my 6 month whatever's expiring). Kon-boot is still very useful, being the only one of its kind to completely bypass the need to enter a password at logon... and it does it quickly... a lot faster than dealing with booting live CDs.

Konboot patches the kernel on the fly. I cannot remember if any modifications are written to the disk. I was taught in my forensic courses to kind of always think in a manner that will not alter data, keeping things from being modified as much as possible. That in a forensic case will not only kill your reputation as a forensic examiner, but may cause legal issues for tampering with evidence.

Konboot just patches the kernel to avoid passwords. Same can be done with any Linux live CD/DVD. I kind of don't understand the point in cracking user logins when you can just boot from a live CD/DVD and access all the files that way.

Edited by Mr-Protocol
Posted
> Konboot patches the kernel on the fly. I cannot remember if any modifications are written to the disk. I was taught in my forensic courses to kind of always think in a manner that will not alter data, keeping things from being modified as much as possible. That in a forensic case will not only kill your reputation as a forensic examiner, but may cause legal issues for tampering with evidence.
>
> Konboot just patches the kernel to avoid passwords. Same can be done with any Linux live CD/DVD. I kind of don't understand the point in cracking user logins when you can just boot from a live CD/DVD and access all the files that way.

Good info, thanks! But I think the point of something like Kon-boot would be great for loading a computer into its native OS and settings, so that if someone's grandma (or something) forgot their password they could get in and go through and back up things they want before formatting or something like that. If you tried to get my grandma to boot a live CD and use Linux to browse her folders she would probably catch on fire haha :lol:

Posted

In the sense of data recovery. Don't give grandma an Admin account. Or at least know the password to the actual Administrator account so you can clear her password (why she has one in the first place I'll never know, can't remember to take pills).

Posted (edited)
> Konboot patches the kernel on the fly. I cannot remember if any modifications are written to the disk. I was taught in my forensic courses to kind of always think in a manner that will not alter data, keeping things from being modified as much as possible. That in a forensic case will not only kill your reputation as a forensic examiner, but may cause legal issues for tampering with evidence.
>
> Konboot just patches the kernel to avoid passwords. Same can be done with any Linux live CD/DVD. I kind of don't understand the point in cracking user logins when you can just boot from a live CD/DVD and access all the files that way.

Since you have done the forensic course, are you able to say whether Ophcrack will leave any traces behind?

Edit: By the way, what was your forensic course titled? I am thinking of taking one up.

Edited by Infiltrator
Posted

Well, I have taken 3 or 4 courses for an Associate's in Computer Forensics and Data Recovery. We went over manually using a hex editor to read and repair partition tables, the chain of custody and lots of law on how to handle evidence, to having user policies and using FTK and EnCase. There will soon be more as soon as my college gets the Bachelor's polished out.
