Using Helix for Forensics
I had come across
Helix -
Incident Response & Computer Forensics Live CD by e-fense
™ before, but hadn't done anything with it.
I read an article
An Introduction to Digital Forensics by BJ
Gleason in
Linux+DVD 3/2008
and decided to try it.
[ More Info ]
[/security/forensics]
permanent link
Regaining Access to Hidden Windows Account
I have a laptop running Windows XP Home Edition Service Pack 2 with one
"
hidden account", i.e. the account is
not visible on the Windows welcome screen, which shows the accounts one
can log into. I can log into that hidden account, by hitting Ctrl-Alt-Del and
then putting in the username for the hidden account and its password. But
a problem I have when I'm logged into that account and the screen saver
activates, is that when I hit a key or move the mouse to access the system
again, the system displays the welcome screen with the two visible
accounts, but then hitting
Ctrl,
Alt, and
Del won't
bring up the login window where I can type in the username for the hidden
account and its password.
The screen saver for the hidden account is set to the "Windows XP" screen
saver with "On resume, display Welcome screen" checked.
At
Hide user accounts from the Windows XP Welcome screen, one can
download a tool that makes it easy to hide and unhide accounts. The webpage
also mentions that the Ctrl-Alt-Del trick for logging into hidden accounts
has a a pitfall - "it will fail to work if a user is still currently logged in."
If I hit Ctrl-End, the cursor is placed in the passwod field for one of the
visible accounts, but hitting Ctrl-Alt-Del at that point has no effect
and I can't get back into the logged in account.
I've found I can get around this problem by logging into one of the
visible accounts and then immediately logging off that account. If I
then hit Ctrl-Alt-Del a couple of times, I get the "Log On to Windows" user
name and password prompt and can regain access to the hidden account under
which I'm already logged in.
[/os/windows/xp]
permanent link
