Hacker question

Posted by: tanstaafl.

Hacker question - 17/08/2010 18:28

The husband of a friend of my downstairs neighbor recently died. His widow has asked my neighbor if there is any way to log into her deceased husband's computer if she does not know the password. Apparently there is information on the computer that would help her deal with her husband's passing.

I told her (my neighbor) that it was unlikely that there would be any reasonable way to access the information. Was I correct? The neighbor will bring the computer to me, but I haven't the faintest idea of how I might proceed.

Is there a way within my capabilities and resources to retrieve data from the computer?

This is legitimate, my neighbor is 100% trustworthy.

tanstaafl.
Posted by: tman

Re: Hacker question - 17/08/2010 18:43

Depends on whether the files are encrypted or not. If they are encrypted with the Windows file system encryption then you're pretty much stuck unless you can work out the password.

If it is just that you can't log in then that is fairly easy to bypass. There are plenty of CD boot disk images you can use that'll reset the administrator password for you.
Posted by: Robotic

Re: Hacker question - 17/08/2010 19:12

You could also pull the drive and mount it as an extra on another machine, then poke through the files as you like.
You won't be able to run any of the software he had, though.
Posted by: tanstaafl.

Re: Hacker question - 17/08/2010 19:27

Originally Posted By: Robotic
You could also pull the drive and mount it as an extra on another machine, then poke through the files as you like.
You won't be able to run any of the software he had, though.

Ah! Now, that I can do. My Vantec external dock will read 3.5 or 2.5 disks (I don't know if the computer is a laptop). Chances are the files she wants to read will be common, .xls or .doc and I'll be able to read them.

tanstaafl.

Edit: Nice idea while it lasted. My external dock is for SATA drives, and the computer is an ancient Dell with two 80-GB IDE drives. I guess I better try the admin password cracker stuff... which will be a neat trick because my CD burner will no longer burn CDs, only DVDs, and this computer has only a gigantic (6" x 8") CD player/burner.

db
Posted by: Robotic

Re: Hacker question - 17/08/2010 19:42

And, of course, this is assuming none of the files are encrypted as was noted earlier.
Posted by: Dignan

Re: Hacker question - 17/08/2010 20:29

I transfer files from old hard drives for people pretty often. Can someone explain to me the following:

If I connect a drive that had Vista or 7 on it to another Vista or 7 computer (or, I think, if I connect an XP drive to an XP machine), I'm denied access to the user folder.

However, every time I've connected a drive that had XP on it to a Vista or 7 computer, I'll open the user's folder, get a brief message saying it's protected or something, and then the system works for a little bit and voilà, I have access to the folder and all unencrypted files within.


By the way, isn't there a tool that you can throw on a Linux live CD that will crack an XP password? That might help Doug in this process, and you'd have access to everything...
Posted by: tman

Re: Hacker question - 17/08/2010 20:34

Originally Posted By: Dignan
If I connect a drive that had Vista or 7 on it to another Vista or 7 computer (or, I think, if I connect an XP drive to an XP machine), I'm denied access to the user folder.

However, every time I've connected a drive that had XP on it to a Vista or 7 computer, I'll open the user's folder, get a brief message saying it's protected or something, and then the system works for a little bit and voilà, I have access to the folder and all unencrypted files within.

The SID that owns the directory doesn't exist on your computer but it won't ignore the ACLs on the directory either. You have to tell it to take ownership. Only problem with this is if you try and plug the drive back into the PC and boot off it. It won't like the changed owner.
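
The ownership point in the reply above can be checked without changing anything on the disk. This is an added example, not part of any post in the thread: a read-only PowerShell report of the owner and ACL entries on a folder that flags SIDs with no matching account on the current machine. The function name, drive letter and folder path are hypothetical, and it assumes an elevated session that is allowed to read the folder's security descriptor.

```powershell
# Added example: read-only audit of the owner and ACL entries on a folder.
# Run from an elevated PowerShell session; the path in the usage line is a placeholder.
function Get-AclIdentityReport {
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path

    # Request raw SIDs so the report does not depend on name lookup succeeding.
    $items = @([pscustomobject]@{ Role = 'Owner'; Sid = $acl.GetOwner($sidType); Rights = ''; Access = '' })
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $items += [pscustomobject]@{
            Role   = 'ACE'
            Sid    = $rule.IdentityReference
            Rights = $rule.FileSystemRights
            Access = $rule.AccessControlType
        }
    }

    foreach ($item in $items) {
        # A SID issued by the drive's original Windows install has no account
        # on this machine, so translating it to a name fails.
        try {
            $name = $item.Sid.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            $name = '<unresolved: account from another install>'
        }
        [pscustomobject]@{
            Role    = $item.Role
            Sid     = $item.Sid.Value
            Account = $name
            Rights  = $item.Rights
            Access  = $item.Access
        }
    }
}

# Usage (E:\ is a hypothetical drive letter for the attached disk):
# Get-AclIdentityReport -Path 'E:\Documents and Settings\SomeUser' | Format-Table -AutoSize
```

Saving this report before taking ownership records the original owner SID, which is the value the old installation expects to find if the drive ever goes back into its PC.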
Posted by: Dignan

Re: Hacker question - 17/08/2010 20:35

Originally Posted By: tman
The SID that owns the directory doesn't exist on your computer but it won't ignore the ACLs on the directory either. You have to tell it to take ownership. Only problem with this is if you try and plug the drive back into the PC and boot off it. It won't like the changed owner.

Ah, thanks. No worries, though, I've only ever done this on systems that have died and needed files recovered.
Posted by: tanstaafl.

Re: Hacker question - 17/08/2010 22:15

Originally Posted By: tanstaafl.
I guess I better try the admin password cracker stuff...

Well, don't I feel silly. I connected everything and turned on the power to see what options I might have, maybe there was an unprotected admin user or something... and the computer booted right up into Windows XP. There was no log-in password set.

So, now I have to try and find out why everyone was convinced that the computer was password protected. I couldn't (admittedly with just a cursory look) find any applications that were protected.

Curiouser and curiouser.

tanstaafl.
Posted by: Robotic

Re: Hacker question - 17/08/2010 22:21

Ha! Hurrah for simple solutions!

Are the family members computer literate? Perhaps they simply don't understand.
Posted by: tman

Re: Hacker question - 17/08/2010 22:34

What files are they looking for? Maybe they're protected by Word or whatever? Or it's an accounting package that has a password?
Posted by: msaeger

Re: Hacker question - 17/08/2010 23:51

Quote:

Are the family members computer literate? Perhaps they simply don't understand.


I would go with that one based on personal experience :)
Posted by: tanstaafl.

Re: Hacker question - 18/08/2010 00:57

Originally Posted By: Robotic
Are the family members computer literate? Perhaps they simply don't understand.

Literate to the point of realizing that the monitor isn't the television set. No more than that.

tanstaafl.
Posted by: Phoenix42

Re: Hacker question - 18/08/2010 01:00

So the passworded information could easily be a website...
Posted by: tanstaafl.

Re: Hacker question - 18/08/2010 01:06

Originally Posted By: tman
What files are they looking for? Maybe they're protected by Word or whatever? Or it's an accounting package that has a password?

Maybe, but unlikely. I saw no evidence of sophistication on the part of the user. The My Documents file was a mish-mash of jpgs, anti-virus logs, empty folders, etc. I'm not sure he knew what the Del key was for. The entire desktop was taken up with shortcuts to internet URLs, apparently he didn't know about or maybe just didn't like the idea of bookmarks. I'll say one thing, though: he must have had fabulous reflexes. The mouse was set up so "hot" that I could barely click on anything. Move the mouse an inch and the cursor would go two thirds of the way across the screen. (I fixed that in control panel)

There was no hint of financial management programs that I could find, not even Quicken or similar. Closest thing was a link to a Merrill Lynch website for stock market prices.

So, I think the computer is going to be pretty much a dead end. (no pun intended)

tanstaafl.
Posted by: Dignan

Re: Hacker question - 18/08/2010 03:36

Originally Posted By: tanstaafl.
Originally Posted By: tanstaafl.
I guess I better try the admin password cracker stuff...

Well, don't I feel silly. I connected everything and turned on the power to see what options I might have, maybe there was an unprotected admin user or something... and the computer booted right up into Windows XP. There was no log-in password set.

Don't feel silly. An elderly woman once called me to her home because her computer was asking for a password when it hadn't before. Sure enough, I turned the PC on and Windows asked for a login password. We tried for about fifteen minutes to step through all the possibilities she might have used.

Then, at some point, my finger slipped and hit the enter key. The password was blank. :)
Posted by: frog51

Re: Hacker question - 18/08/2010 08:21

Sorry I got here late but glad it was that simple :-)

For future info, very easy to boot off a Linux CD such as BackTrack (free) and tell it the admin password is blank. This doesn't yet work for Windows 7, but does for the other flavours.

Very simple to do as well - the instructions come with BackTrack and it takes about 5 commands.