I need to know what to do first to back trace the activities of a hacker if I just snatch his PC before he can cover his tracks. Sometimes I see cops in movies just enter an organisation and snatch a server. What are the things they do to the system to recover past events, something like explorer histories, cookies, etc., that sort of thing?
First you'll need a tool to crack or reset his OS password for you to log in. I know about two ways:
1. Offline NT Password & Registry Editor, Bootdisk:
This will let you create a boot disk that will eventually reset/blank his password so that you can log in.
The liveCD version will try the most recent methods (rainbow attack if I recall right) to find out the hacker's password. It will not reset it. But it can take some time to do the cracking.
Firstly, I would like to welcome you to this almighty forum.
Secondly, you have to realise that the criminal hackers use the same tools as the non-criminal hackers, because these tools are also useful for administratively troubleshooting networks. The gun is a good example.