Some Use Cases and Discussion

Bypassing Windows Login Passwords with CaptureGUARD Gateway for Forensic Acquisition

467 310 BlueRiSC

Live memory acquisition is becoming increasingly important for digital investigations. One of the biggest obstacles with memory acquisition, however, is that in many cases a computer under investigation is locked, requiring a password that is not available.

CaptureGUARD Gateway enables investigators to overcome this challenge by allowing them to log into a computer without knowing the password. Watch this video demonstration of CaptureGUARD Gateway unlocking XP, Vista, and Windows 7 computers.

To get a memory dump from a locked computer, an investigator could then simply run any memory acquisition software or utilize the WindowsSCOPE tool. For hardware-based memory acquisition there is a separate CaptureGUARD product available.