From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
Unlock the full course today
Join today to access over 22,400 courses taught by industry experts or purchase this course individually.
Password forensics
From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
Password forensics
- [Instructor] Password cracking is a valuable tool for attackers and it also plays a role in the forensic analysis toolkit. Cybersecurity analysts conducting a forensic analysis, may uncover password files stored on disc and can use password cracking tools to attempt to retrieve the passwords from those files. Let's take a look at how passwords are stored and how we can use password cracking utilities to access stored passwords. On Linux systems password files contain user credentials. When a user attempts to log into a system, the login process checks the password file to determine whether the password is valid. Now, of course the file doesn't simply contain a copy of the password. That would be an easy target for attackers, and it would allow system administrators to know all of the user passwords on a system. Instead, the password file contains a password hash, shown here, that's computed using a one-way function. When…
Contents
-
-
-
-
-
-
Conducting investigations3m 50s
-
Evidence types3m 28s
-
Introduction to forensics3m 21s
-
System and file forensics4m 26s
-
File carving3m 46s
-
Creating forensic images5m 30s
-
Digital forensics toolkit2m 25s
-
Operating system analysis6m 9s
-
Password forensics7m 16s
-
Network forensics4m 1s
-
Software forensics4m 25s
-
Mobile device forensics1m 10s
-
Embedded device forensics2m 30s
-
Chain of custody1m 50s
-
Ediscovery and evidence production3m 3s
-
Exploitation frameworks6m 4s
-
-