TOPIC: back tracing

I need to know what to do first to back trace the activities of a hacker if I just snatch his pc before he can cover his tracks.Some time I see cops in movies just enter an organisation and snatch a server. what are the things they do the system to recover past events-- something like explorer histories , cookies etc that sort of thing

sose

There are software you can use to recover deleted data. if you look in the net am sure ull fine some.

First you'll need a tool to crack or reset his OS password for you to login. I know about two ways:

1. Offline NT Password & Registry Editor, Bootdisk: home.eunet.no/pnordahl/ntpasswd/
This will let you create a boot disk that will eventually reset/blank his password so that you can login.

2. Ophcrack: ophcrack.sourceforge.net/
The liveCD version will try the most recent methods (rainbow attack if I recall right) to find out the hackers password. It will not reset it. But it can take some time to do the cracking.

Second, you'll need some tools too get out his info quickly. Check here: www.nirsoft.net/utils/index.html

Check the IECookiesView, IEHistoryView, MyLastSearch tools. There are many others that you might find useful. You'll be amazed!!

I feel like I'm teaching hacking here !!

Mutex
firstly I will like to welcome to this almighty forum

secondly, you have to realise that the criminal hackers use thesame tools as the non criminal hackers, because these tools are also useful for administratively troubleshooting networks. the gun is a good example

sose

sose,

Thanks, by the way I'm actually S0lo Been having problems with my account here, so I created a new one!!

Yup they use the same tools.

ah ha! you have really gone solo, I have actually made a similar post like this in the past before u resurrected as mutex.

when u were like "I feel I am teaching hacking" I thought you were trying to sell ur knowledge to the highest- the black hat dudes and the white hat dude

all thesame I welcome the newer version of solo