Recovering the outlook password from a non functional windows installation

[silviuvrx]

Hi !
I've a problem: one of our customer bring us his own computer with a non
functional windows xp installation for data recovery.

This computer have a windows xp SP2 with office 2003.

The only one thing we can't recover was the mail pop3 password:
the customer can't remember it and we are totally unable to recover !

This password is for some statal organization and the customer absolutely refuse
to ask them for reset the password.

I've tried with another computer and seem that the outlook password is recorded
there:

C:\Documents and Settings\tbaroni\Dati
applicazioni\Microsoft\Protect\S-1-5-21-1614895754-688789844-854245398-1003

the file have a casual name like: 010b9592-8a54-49df-b43a-028ccdfc4fb9

How do can I recover the password from this file ?

I know a little utility from Nir Sofer site, mailpv.exe that can recover the
outlook password in one second from a working windows system, there are some
that can recover the password from dead ones ?


==============================
remove x to contact me

 

[Roady [MVP]]

I'd tell him to get over it and simply ask for the password reset which
should take only a matter of seconds.

One could wonder how legal the stuff is that he requests you to do
especially with an account belonging to the sate. We got a nice story here
in Holland how a state computer ended up standing "broken" on the side walk
with some passer-by picking it up, hacking the crap out of it and retrieving
some very sensitive government data.

 

[VanguardLH]

The only one thing we can't recover was the mail pop3 password:
the customer can't remember it and we are totally unable to recover !

This password is for some statal organization and the customer absolutely refuse
to ask them for reset the password.

You had better reconsider trying to divulge passwords. You don't know
that the account is actually their account. They might've hacked into
someone else's account or otherwise using it illegally and why they are
desparate that the e-mail provider not get involved. It's their choice
to hide from their e-mail provider. Obviously the login credentials are
only required to login, not to view a password-protected .pst file. So
it is their choice if they want to login or keep hiding from that e-mail
provider.

There is something definitely fishy going on with that customer. The
e-mails that are on their hard disk don't require the login password and
the .pst file is all that you should be expected to recover from their
host. A password on their .pst file is unrelated to a login password.
If you have recovered the .pst file and can open it in Outlook then your
data recovery is done. It should not be your roll to play their
for-hire hacker on an account for which you have no proof is theirs.

Did you get them to sign a legally binding indemnity waiver regarding
extraction of their data so you aren't liable for abetting access to
illegal content? Even with that, you should stipulate that you will
contact the e-mail provider to ensure that the customer does indeed have
an account with them. Once you tell the customer that you will be
contacting the e-mail provider for verification of their claimed account
status, they'll probably shut up and stop asking you to recover the
password. They're afraid for a reason in which you don't want to get
involved.

Do the data recovery, not the account recovery.

 

[Nikki Peterson]

I agree with the guys above. I will mention that you can look for
a tool called Cain & Abel.

Nikki Peterson