Remote Exploit Forums

Pentesting Specific topics related to legal penetration testing

#1
10-23-2009, 04:01 PM
Virchanza
Senior Member
 
Join Date: Sep 2008
Location: I am not living
Posts: 728
Gain access to an MSWindows PC temporarily, no evidence

I had a look at the video recently posted by pureh@te that showed how to use "chntpw" to reset the passwords on MSWindows profiles. It's great!

What I'm wondering though is whether the following would be possible:
1) Boot up BT4 on the victim PC
2) Use "chntpw" to reset all passwords, then simply boot up the PC normally and boot into MSWindows. Use the PC for whatever, type a document, copy a DVD.
3) When you're finished using the PC, reboot it and boot up BT4 again. Copy the old SAM file back.
4) Now reboot the PC normally into MSWindows, the old passwords should be back in place (I think!)

Will this work fine on all versions of XP, Vista and 7?

I'm looking for a way to use a Windows machine without leaving any evidence behind (I know things like file stamps will be changed but that's not a big deal, so long as there's no gaping evidence such as the fact that their normal password isn't accepted anymore!).

Or if anybody has any other idea on how to use an MSWindows PC without leaving evidence, I'd be happy to hear.
__________________
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
#2
10-23-2009, 04:43 PM
prowl3r
Senior Member
 
Join Date: Jun 2009
Location: Valhalla
Posts: 186

As far as I see it, if you boot winblows or you write a file, you will leave fingerprints.

As an alternative, you can download Konboot and boot from it. It will hack the system login to accept any password you type in. It works with both XP/Vista, not yet Seven. Then, review/clear logs and restore the original SAM.

You can, of course, boot Linux (or Clonezilla) from RAM, clone the disk (the dd command will do the job), play with it, and then restore the byte copy if you are really into it.

By the way, did you test the last script from the other thread?
__________________
Either you're part of the problem or you're part of the solution or you're just part of the landscape.

Last edited by prowl3r; 10-23-2009 at 04:50 PM.
#3
10-23-2009, 05:43 PM
Virchanza
Senior Member
 
Join Date: Sep 2008
Location: I am not living
Posts: 728

Quote:
Originally Posted by prowl3r
As far as I see it, if you boot winblows or you write a file, you will leave fingerprints.
You're right, but this is just to fool your "average Joe". The average Joe doesn't go checking file stamps when he boots up MSWindows. If I really wanted to leave no footprints at all then I'd make a copy of the hard disk as you suggested.

Quote:
As an alternative, you can download Konboot and boot from it. It will hack the system login to accept any password you type in. It works with both XP/Vista, not yet Seven. Then, review/clear logs and restore the original SAM.
Cool, I'm gonna take a look at Konboot now

Quote:
By the way, did you test the last script from the other thread?
Give me a minute and I'll go looking for that thread. . .

Last edited by Virchanza; 10-23-2009 at 05:45 PM.