Active Directory Offline Hash Dump and Forensic Analysis

Csaba Barta
July 2011

Disclaimer

The views, opinions and thoughts in this document are the views, opinions and thoughts of the author of the document and do not represent the views, opinions or thoughts of any past or current employer of the author or any other third person. The document is provided 'as is' without warranty of any kind. Use at your own responsibility. The software tools are provided for educational purposes only.

Table of contents

Active Directory Offline Hash Dump and Forensic Analysis
Table of contents
Introduction
What is
Obtaining and the registry
Structure of
Password hash encryption used in Active Directory
Password Encryption Key
Password Hash Decryption
Decrypting the password hash history
Forensic analysis of user objects stored in
Important fields
Tools developed by the author
Future work

Introduction

The author participated in a project where it was required to extract the password hashes from an offline NTDS.DIT file. After searching the Internet for an available tool, the author found that there was no open source tool. Because of that, the author decided to research the internals of password encryption and storage in Active Directory and create a tool for the forensic community.

A debt of gratitude is owed to the author's colleague Laszlo Toth http who helped a lot in researching the encryption algorithms used during password storage. Thank you, Laszlo.
