Hi! Can someone tell me if it is possible to capture the password of a locked computer (standby state) with Wireshark? Best regards. vince66
This question is marked "community wiki".
asked 09 May '16, 05:11 vince66, edited 09 May '16, 05:15 Jasper ♦♦
One Answer:
No, that's not possible.
answered 09 May '16, 05:14 Jasper ♦♦
Dear Jasper, thanks very much for your reply. However, I want to be more precise. My need is to dump the RAM of a locked computer (Windows based) without rebooting it, to retrieve forensic evidence! There are several tools for the recovery of the admin's password, but they need the machine to be booted. So I'm interested to know if a network method exists to sniff the password via Wireshark or to hack the memory in some way. Is the reply again no, that's not possible with Wireshark?
Thanks in advance.
Best Regards.
No, it's still not possible, because the locked machine has no reason at all to transmit the password via the network card (which would be required to record it with Wireshark).
Usually, if you need access to a locked PC you can try to access it via the usual FireWire DMA attacks, or using deep freezing techniques to retain information in RAM even after shutting down the PC (which is probably not realistic as it requires a professional forensic lab with the equipment to access the frozen RAM units).