From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Password forensics

Password forensics

- [Instructor] Password cracking is a valuable tool for attackers and it also plays a role in the forensic analysis toolkit. Cybersecurity analysts conducting a forensic analysis, may uncover password files stored on disc and can use password cracking tools to attempt to retrieve the passwords from those files. Let's take a look at how passwords are stored and how we can use password cracking utilities to access stored passwords. On Linux systems password files contain user credentials. When a user attempts to log into a system, the login process checks the password file to determine whether the password is valid. Now, of course the file doesn't simply contain a copy of the password. That would be an easy target for attackers, and it would allow system administrators to know all of the user passwords on a system. Instead, the password file contains a password hash, shown here, that's computed using a one-way function. When…

Contents