Digital Forensics Tips & Tricks: Local User Accounts Membership
Find out what is in the field. For example, when you’re checking for some objects, you’ll have the ACLs.
I tested a few system registry analyzers. BTW if you know about such app, please write.
So I’m trying to understand the user account. All the hexes and course of course :)
Find Names node node:
')
Then, type a field:
Builtin \ Aliases node where you should all be enlisted:
You can read all the readable name:
If you want to go ahead, you’ll find out what you’re planning to do.
Ok guys, we are almost at the finish line. Now select the group of interest. ASCII name for group and the group description (inside orange rectangle). The lastest several lines contain information about group members (highlighted with green color):
And here is our user! Please note that users are stored in "little endian" format - 03 EB from right to left
Digital Forensics content!
I tested a few system registry analyzers. BTW if you know about such app, please write.
So I’m trying to understand the user account. All the hexes and course of course :)
Find Names node node:
')
Then, type a field:
Builtin \ Aliases node where you should all be enlisted:
You can read all the readable name:
If you want to go ahead, you’ll find out what you’re planning to do.
Ok guys, we are almost at the finish line. Now select the group of interest. ASCII name for group and the group description (inside orange rectangle). The lastest several lines contain information about group members (highlighted with green color):
And here is our user! Please note that users are stored in "little endian" format - 03 EB from right to left
Digital Forensics content!
Source: https://habr.com/ru/post/441410/
All Articles