This Week's Newsletter
Featured: a very sad, but surprisingly common situation: getting access to the computer of someone who's no longer with us.
(Per popular sentiment: the links above now link to the articles in the newsletter below so you can decide whether or not to read further based on what you see here.)
As you can see, this is a composite question based on a scenario I hear from time to time.
A relative or acquaintance has passed away and left behind a password-protected PC containing files that are important for any number of possible reasons.
You may be able to get in. On the other hand, particularly if your late relative was security conscious, you may not.
The goal of security
To put it bluntly, the goal of good security is to prevent exactly what you're attempting.
We all want our machine to be secure from intrusion. We want our data to be protected. We want it to be accessible only to those individuals we've authorized to have access. When it comes to computers, there's usually only one authorized user: ourselves.
That your intent is pure makes no difference to security or the technology used to implement it. It's completely intent-agnostic: a break-in is a break-in.
And let's be very clear: you're trying to break in.
Before you start
You know I'm going to say this, so let's get it out of the way: back up first, if you can.
In this case, though, you'll need to back up a little differently than normal, since you can't log in to the machine.
If you can, boot the computer from the rescue or emergency disc created by a backup tool like Macrium Reflect or EaseUS Todo. You'll probably need to make that disc (or USB stick) on a different computer, but that's OK. Once you boot from that media, you'll be taken to the backup software, where you can create a backup image of the computer's hard disk.
Save that image somewhere.
There are two things that could prevent you from being able to do this: a UEFI configuration that prevents booting from anything other than the internal hard drive, or an encrypted hard drive. If either are the case, all I can recommend is that you proceed with caution, as you'll be proceeding without a net; missteps could permanently destroy the very data you're attempting to recover. (Though if the only alternative is to give up, it might be worth the risk.)
Using a Microsoft account
If the computer uses a Microsoft account to log in, that's where I'd start, particularly if you have access to that account online, or a device on which you can read email sent to that account.
If you can receive the email sent to the Microsoft account, you should be able to reset the account password. Since that account and account password would be used to log in to the machine, presumably you would then be able to log in to it as well. Problem solved.
Several things can get in the way. The account could have two-factor authentication turned on, in which case you'll need that second factor to change the password. Microsoft could decide that due to a change in how you're accessing the account, you need to jump through additional hoops, such as using alternate accounts or phone numbers you may not have access to, or security questions for which you don't know the answer. I often see this when people travel overseas, but what Microsoft is looking for to trigger this is unclear.
Resetting the administrator password
On older versions of Windows, the technique outlined in I've Lost the Password to My Windows Administrator Account. How Do I Get it Back? — using a third-party tool to reset the machine's administrator password — might work. In order to get in, you would reset that password and enable the administrator login, or possibly reset the password for the login account itself.
Once again, Windows 10 itself and the machine's UEFI configuration may prevent this approach from working.
Don't log in #1: remove the drive
If all you want is the data on the drive another approach is to physically remove the drive and attach it to another system. My recommendation would be to place it into an external USB enclosure you can attach to any machine you like.
Using that other machine, then, you can explore the contents of the hard drive and extract whatever you need.
The big roadblock here would be if encryption had been used. Data encrypted via whole-drive or BitLocker methods is generally accessible only on the machine on which the data was originally encrypted.1 Third-party encryption tools would still require their respective passwords or phrases.
Don't log in #2: use the backup image
If you were able to successfully make a backup image when we began, you can “mount” that image on another machine and access it more or less as if it were the original drive, exploring the contents of the drive and extracting the information you find of value.
The same caveats apply here, though, as in the previous approach: if encryption has been used, things can get irrecoverably complicated.
Apply money: forensics
While not every barrier can be overcome, it's possible that a good computer forensics and data recovery service may be able to help. Bypassing passwords, for example, might be possible, but cracking well-implemented encryption is highly unlikely.
These services are rarely cheap, however. Electing to give one a try would be a resort I'd take only after exhausting my own alternatives and deciding it was really going to be worth it.
Naturally, you have the machine you have in the state that it's in, and it's too late to talk about prevention for the case at hand.
But this is an opportunity to prevent this from happening to someone else. There are several approaches to allowing secure emergency access to computers, equipment, and even online accounts in the event of your demise. It doesn't even have to be demise — a protracted severe illness or injury could result in the same desire: the ability for someone else to access critically important information.
My article What Happens When I Die? discusses preparations to consider in more detail.
Related Links & Comments: How Do I Gain Access to My Deceased Relative's Computer?
It really, and I do mean really, depends on the specific nature of the hack.
But the short answer is yes, it's very likely your email address will be leaked as part of any significant hack or breach.
And that has nothing to do with the strength of your password.
But what happens next absolutely does.
Continue Reading: Will a Hacked Website Leak My Email Address?
Turning off the device is essentially the same as unplugging it, so the short answer is no, it's not a safe alternative.
Sometimes, a USB device appears to be in use for no apparent reason and cannot be stopped. I'll walk through some of the approaches you can take to removing the device while minimizing the risk of data loss.
Spoiler: pulling the plug or turning off the power aren't on the list.
Continue Reading: Is it Safe to Just Turn Off an External USB Drive Without "Safely Removing" First?
A feature exclusively available to Ask Leo! Patrons Bronze level & above.
- Tip of the Day: When In Doubt, Ask Someone Else
- Tip of the Day: Use Fewer Browser Extensions
- Tip of the Day: Pay Attention to the Entire Error Message
- Tip of the Day: Check Your Passwords for Hacks
- Tip of the Day: Drag and Drop a Shortcut to Your Desktop
- Tip of the Day: See Posts by Liked Pages First on Facebook
- Tip of the Day: Don't Delete, Archive Email
More Ask Leo!
Leo's Other Projects....HeroicStories Since 1999, HeroicStories brings diverse, international voices to the world ' reminding us that people are good, that individuals and individual action matter. Stories - new and old - are published twice a week.
Not All News Is Bad - Each day I look for one story in the current news of the day with a positive bent. Just one. And I share it.
leo.notenboom.org - My personal blog. Part writing exercise, part ranting platform, it's where I write about anything and everything and nothing at all.
Help Ask Leo! Just forward this message, in its entirety (but without your unsubscribe link below) to your friends. Or, just point them at https://newsletter.askleo.com for their own FREE subscription!
Newsletter contents Copyright © 2018,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC