Description:
============:
This course explains forensic artifacts found in the SAM (Security Account Manager) file, which stores and organizes information about each user on a system.

Full Description:
================:
This course demonstrates how to identify each user account on a local machine using the relative identifier. Examiners can also learn to interpret username information including the users’ login dates, times and login count. The course will show how to identify the machine that the user account was created on, by interpreting a users’ SIDs (machine/domain identifiers) and recovering user password hashes.