Paper Tiger Posted February 5, 2016 Share Posted February 5, 2016 long story short: I had a box at work get compromised at and I pulled it off the network then initiated a forensic investigation. When the vendor came back with the report one section showed a memory dump of all the accounts on the box. All except one account showed their passwords encrypted, that last account showed the password in clear text in memory. What can I start looking up to understand how or why this would happen? I figured this would be a good place to ask this question. The PC is windows 7 and the account that had it's PW in clear text in the memory dump was domain admin. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.