Gunters' site

Quod non est in actis non est in mundo




The user passwords are stored in a hashed format in a registry hive either as a LM hash or as a NTLM hash. This file can be found in %SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM.

%SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM.

The use of dd

Cloning a partition

From physical disk /dev/sda, partition 1, to physical disk /dev/sdb, partition 1.

# dd if=/dev/sda1 of=/dev/sdb1 bs=64K conv=noerror,sync

Warning: If output file of= (sdb1 in the example) does not exist, dd will create a file with this name and will start filling up your root file system!

Cloning an entire hard disk

From physical disk /dev/sdX to physical disk /dev/sdY

# dd if=/dev/sdX of=/dev/sdY bs=64K conv=noerror,sync