Windows Forensics – Extract Password & Sensitive Data From Windows


Windows Forensics: In cyber crimes, attackers use electronic devices such as computers, mobile phones, storage devices and other devices. Microsoft Windows remains the most popular operating system for most computers, and most digital forensics software is developed for Windows systems.

In a cyber crime case, digital forensics experts extract evidence from Windows, including device logs, data files, emails, software, and volatile and non-volatile information.


01. How To Extract Web Browser History

With a forensics tool on Windows, we can extract the history of all web browsers within seconds.

Step#1. First, download the Web Browser History View tool from Nirsoft and install it on your Windows system.

Step#2. After installation, open the software and click OK. You will then get the web history from all web browsers.

Step#3. Here you can see all searches and directly visited pages, with dates, times and browser details.
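
To show what such a tool reads, here is an added example (not part of the original article and not NirSoft's code) that builds a visit timeline from a Chromium-style History database. It assumes a Chromium-based browser, uses a reduced version of that browser's urls and visits tables, and runs on constructed rows held in memory.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_utc(microseconds):
    """Chromium stores visit times as microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

def build_sample_history():
    """Constructed stand-in for a copied 'History' file (reduced schema, made-up rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, typed_count INTEGER);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);
        INSERT INTO urls VALUES (1, 'https://example.com/login', 'Login', 2, 1);
        INSERT INTO urls VALUES (2, 'https://example.org/search?q=test', 'Search', 1, 0);
        INSERT INTO visits VALUES (1, 1, 13350000000000000);
        INSERT INTO visits VALUES (2, 2, 13350000060000000);
        INSERT INTO visits VALUES (3, 1, 13350003600000000);
    """)
    return db

def visit_timeline(db):
    """One row per visit, oldest first, with the timestamp converted to UTC."""
    rows = db.execute("""
        SELECT v.visit_time, u.url, u.title, u.typed_count
        FROM visits v JOIN urls u ON u.id = v.url
        ORDER BY v.visit_time""").fetchall()
    # typed_count > 0 means the URL was typed into the address bar at least once
    return [{"time_utc": webkit_to_utc(t).isoformat(), "url": url,
             "title": title, "url_ever_typed": typed > 0}
            for t, url, title, typed in rows]

if __name__ == "__main__":
    # For a real case, open a working copy of the file read-only instead:
    #   sqlite3.connect("file:History_copy?mode=ro", uri=True)
    for row in visit_timeline(build_sample_history()):
        print(row)
```

Always run this against a copy of the evidence file, never the original on the suspect system.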


02. WiFi History Forensics

You may have watched many videos on WiFi hacking, but here I will explain how to carry out a forensic investigation of WiFi networks.
If you think like a forensics expert, you will be able to learn about different types of WiFi, including a lot of information that you might not have known. We will also see which devices are connected and how they are used.

Terms Used During This Process

  • MAC Address
  • SSID (Service Set Identifier)
  • BSSIDs, which identify access points and their clients
  • Event ID, Event Record ID
  • Thread ID, used to track unique data objects as they pass through the system and to facilitate concurrent processing
  • Process ID

Steps To WiFi History Forensic Investigation

Every network has different access points, which cover the network's area.
You need to download a small tool for WiFi history forensic investigation, which you can download from here.
After downloading the software, install it on your computer. It shows a complete record of WiFi activity.

First, install the Wifi History tool and look at the WiFi connection date in Event Date.

Next, Event Type shows whether WiFi was connected or not. Adapter Name gives the adapter information, and the Profile Name section gives the name of the WiFi network. You can then check the Connection Disconnect Reason. The software provides much more information about WiFi as well.
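
The fields listed above can also be read straight from the event log. The following added example (not from the original article or the tool's author) parses an XML export of WLAN events into those fields. It assumes the source is the Windows Microsoft-Windows-WLAN-AutoConfig/Operational log, where event ID 8001 records a connection and 8003 a disconnection; the sample records and all their values are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EVENT_TYPES = {"8001": "Connected", "8003": "Disconnected"}  # WLAN-AutoConfig event IDs

# Constructed sample in the shape of an XML export of the
# Microsoft-Windows-WLAN-AutoConfig/Operational log; all values are made up.
SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>8001</EventID><TimeCreated SystemTime="2024-01-17T21:20:00Z"/>
    <EventRecordID>4101</EventRecordID><Execution ProcessID="1234" ThreadID="5678"/></System>
  <EventData><Data Name="InterfaceDescription">Example Wireless Adapter</Data>
    <Data Name="ProfileName">CafeGuest</Data><Data Name="SSID">CafeGuest</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>8003</EventID><TimeCreated SystemTime="2024-01-17T22:05:30Z"/>
    <EventRecordID>4102</EventRecordID><Execution ProcessID="1234" ThreadID="5680"/></System>
  <EventData><Data Name="InterfaceDescription">Example Wireless Adapter</Data>
    <Data Name="ProfileName">CafeGuest</Data><Data Name="SSID">CafeGuest</Data>
    <Data Name="Reason">The network is disconnected by the user.</Data></EventData>
</Event>
</Events>"""

def parse_wlan_events(xml_text):
    """Return one dict per event, ordered by Event Record ID."""
    rows = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        system = ev.find("e:System", NS)
        data = {d.get("Name"): (d.text or "") for d in ev.iterfind("e:EventData/e:Data", NS)}
        event_id = system.findtext("e:EventID", namespaces=NS)
        execution = system.find("e:Execution", NS)
        rows.append({
            "event_date": system.find("e:TimeCreated", NS).get("SystemTime"),
            "event_type": EVENT_TYPES.get(event_id, "Other"),
            "event_id": int(event_id),
            "record_id": int(system.findtext("e:EventRecordID", namespaces=NS)),
            "process_id": int(execution.get("ProcessID")),
            "thread_id": int(execution.get("ThreadID")),
            "adapter_name": data.get("InterfaceDescription"),
            "profile_name": data.get("ProfileName"),
            "ssid": data.get("SSID"),
            "bssid": data.get("BSSID"),  # None when the event type does not carry it
            "disconnect_reason": data.get("Reason"),
        })
    return sorted(rows, key=lambda r: r["record_id"])
```

Sorting by Event Record ID keeps the sequence intact even if the system clock was changed between events.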


03. How To Find Last Activities On Computer

It often happens that someone works on a computer and deletes its history records, but the history is still saved somewhere on the computer. So how do we find that information?

Step#1. First, download the MyLastActivities tool for Windows; you can get it from Nirsoft.

Step#2. After downloading, unzip the zip file and install the tool.

Step#3. Now open the MyLastActivities application. It will show information about all activities on the system.


04. How To Find Evidence From USB Drive

It often happens that we obtain a device such as a laptop or desktop and have to find out which devices the criminal connected to it and what was done with them. I have already mentioned in the last article how to obtain information about last activities.

Today we will see which devices were connected to the computer, such as a camera, pen drive, USB drive or Bluetooth device, and what was done with them.

Step#1. Download the USBDrive tool from Nirsoft and install it on your system.

Step#2. Then open the USBDrive tool, and you will get the full history of all devices connected via USB ports.

Step#3. It will also show devices that could not connect to the system for any reason.


05. How To Recover Account Password From Any Computer

Suppose you obtain a computer from a criminal and want to know their logins and passwords: which sites the criminal visits and what the login passwords are. You can follow these simple steps on their computer.

Step#1. First, download and install the DART software on the computer (download the 64-bit version).

Step#2. After installation, go to the Password section, where you will find many password recovery tools on the left side of the software. Choose the ChromePass tool or any other password tool, and you will get a long list of website names with their usernames and passwords.

Step#3. Now click on any website you want to log in to, then use these login details, and you can collect any other important evidence. If the criminal uses the same email account on computer and mobile, you will also be able to see the login details created from their mobile.

So, these are some Windows forensics techniques. With these techniques you can collect very sensitive information from a Windows system. If you like this post, share it with your friends.

SECZAP provides the best Cyber Security & OSINT investigation solutions to tackle real-world security threats.