How to hack a Windows computer.
This is a composite question based on scenarios I hear regularly.
Someone passed away and left behind a password-protected PC containing files that are important for any number of reasons.
You may be able to get in. On the other hand, particularly if the deceased was security-conscious, you may not.
Become a Patron of Ask Leo! and go ad-free!
Accessing the deceased's computer
- Back up the computer’s hard disk if possible.
- Attempt to recover access to the Microsoft account online used to sign in to the computer (if they used one).
- Attempt to reset the administrator password on older machines.
- Access the data by removing the hard disk and using it as an external hard drive on another machine.
- Access the data by mounting the backup image as a virtual drive on another machine.
- Try a recovery service.
Good security is designed to prevent exactly this kind of access.
The goal of security
To put it bluntly, the goal of good security is to prevent exactly what you’re attempting.
We all want our machines to be secure from intrusion. We want our data to be protected. We want it to be accessible only to those individuals we’ve authorized to have access. When it comes to computers, unless arrangements have been made beforehand, there’s usually only one authorized user: ourselves.
That your intent is pure makes no difference to security or the technology used to implement it. It’s completely intent-agnostic: a break-in is a break-in.
And let’s be clear: you’re trying to break in.
Before you start: back up
Back up first, if you can.
In this case, though, you’ll need to back up a little differently than normal, since you can’t log in to the machine.
If you can, boot the computer from a rescue or emergency disc created by a backup tool like Macrium Reflect or EaseUS Todo. You’ll probably need to make that disc (or USB stick) on a different computer, but that’s OK. Once you boot from that media, you’ll be taken to the backup software on that media, where you can create a backup image of the computer’s hard disk.
Save that backup image somewhere, like an external hard drive.
Two things can prevent you from being able to do this:
- A UEFI configuration that prevents booting from anything other than the internal hard drive.
- An encrypted hard drive.
If either is the case, all I can recommend is proceeding with caution, as you’ll be doing so without a net. Missteps could permanently destroy the very data you’re attempting to recover. (Though if the only alternative is to give up, it might be worth the risk.)
Use a Microsoft account
If the computer uses a Microsoft account to log in, that’s where I’d start.
Of course, if you know the password to that Microsoft account, you’re done — you can use that to log in to the machine.
Assuming you don’t know the password, you can start a “forgot my password” process by trying to sign in to outlook.com on a different computer. If you can receive the email sent to the Microsoft account, you should be able to reset the password. After doing so, you can use the Microsoft account and the newly set password to sign in to the machine.
A couple of things can get in the way. Both can be worked around only if you also have access to the recovery information, accounts, or mobile phone associated with the account.
- The account could have two-factor authentication turned on.
- Microsoft could decide you need to jump through additional hoops for security reasons.
In all cases, if you have access to the account recovery information, you may be able to recover access to the account and set a new password. If you don’t, then this approach may not work.
As a last straw, you can check Microsoft’s article: Accessing Outlook.com, OneDrive and other Microsoft services when someone has died. (Warning: a court order may be required.)
Resetting the administrator password
On older versions of Windows, the technique outlined in I’ve Lost the Password to My Windows Administrator Account. How Do I Get it Back? — using a third-party tool to reset the machine’s administrator password — might work. In order to get in, you reset the password and enable the administrator login, or possibly reset the password for the login account itself.
Once again, Windows 10 itself and the machine’s UEFI configuration may prevent this approach from working.
Don’t log in #1: remove the drive
If all you want is the data on the drive, and not the installed programs or Windows itself, another approach is to physically remove the drive and attach it to another system. My recommendation would be to place it into an external USB enclosure you can attach to any machine you like.
Using that other machine, then, you can explore the contents of the hard drive and extract whatever you need.
Windows file permissions may get in the way. How Do I Gain Access to Files Windows Says I Don’t Have Permission to Access? may help.
The big roadblock here would be if encryption had been used. Data encrypted via whole-drive or BitLocker methods is generally accessible only on the machine on which the data was originally encrypted.1 Third-party encryption tools would still require their respective passwords or phrases.
Don’t log in #2: use the backup image
If you were able to make a backup image when we began, you can “mount” that image on another machine and access it more or less as if it were the original drive, exploring the contents of the drive and extracting the information you find of value.
The same caveats apply here, though, as in the previous approach: if encryption has been used, things can get irrecoverably complicated.
Apply money: forensics
While not every barrier can be overcome, it’s possible that a good computer forensics and data recovery service may be able to help. Bypassing passwords, for example, might be possible, but cracking well-implemented encryption is highly unlikely.
These services are rarely cheap, however. Electing to give one a try would be an approach I’d take only after exhausting my alternatives and deciding it was really going to be worth it.
Naturally, you have the machine you have in the state that it’s in, and it’s too late to talk about prevention for the case at hand.
But this is an opportunity to prevent this from happening to someone else. There are several approaches to allow secure emergency access to computers, equipment, and even online accounts in the event of your demise. It doesn’t even have to be a death; a protracted severe illness or injury could result in the same desire: the ability for someone else to access critically important information.
My article Preparing for the Ultimate Disaster discusses preparations to consider in more detail.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Download (right-click, Save-As) (Duration: 12:42 — 14.6MB)
Footnotes & References
1: Yes: had the BitLocker key been saved somewhere else, the drive could potentially be accessed. There are many different things the original computer owner could have done to make this easier, but for the sake of this article, I’m assuming none of them happened.
21 comments on “How Do I Access the Computer of Someone Who’s Passed Away?”
Gaining access to the computer is only one hurdle. Much of the information you need to retrieve may be stored in cloud accounts. If the person used a password manager then unless you have the master password you have real problems. Any passwords will likely be unguessable. Best advice for elderly or infirm relatives who trust you; have them write down all the relative passwords and store them in a safe place, then tell you where they are.
LastPass has what I consider to be a good system. You can designate individuals (by email address) as recovery contacts. They can *request* access to your vault. You have a configurable amount of time (usually days) to say no. If you’re unable to say no they get access to your vault. (You can also “un-designate” should your relationships change.)
My suggestion, as I get older and slower, would be to back up to or store all documents to an external USB (in my case, a WD 4TB My Book). A password file could be stored to a smaller thumb drive and both could be stored in a personal safe or even a safe deposit box. Having two each of these devices would allow you to rotate your backups or changed passwords.
May I have your permission to post this article to my Facebook timeline? There are several people that I personally know that will benefit from this article. And, no telling how many others may benefit from reading this article.
You can and in fact are encouraged to share LINKS to the article on Facebook and all social media. :-)
Creating a USB-based “live CD” from Ubuntu (or other Linux OS) and then booting to Ubuntu might allow you to see/read what’s on the Windows C drive if it’s not encrypted. This has saved me in the past.
It’s why I always keep a Linux Live USB and CD (for those awkward times I can’t get the computer to boot froma USB) in my essentials kit. Yes, it is always Ubuntu but there are plenty of Linux alternatives.
This article inspired me to write a short (1/2 page) document giving info about getting access to my computer, telling where passwords are, and even some info about where various sets of data are in my file system.
I printed a copy of this and included it in the file folder with my Will — a likely place for my executor to look.
Good idea for everyone to do this — right now, it only takes a few minutes.
While we are thinking of this topic, and making plans for our inevitable passing, I would point out that we need to consider carefully where we store the passwords etc.
A bank safety deposit box may seem the safest place to safely store a list of passwords etc. but my understanding is that it will be sealed once the bank know of the renters death, even if you are a joint renter of the box.
Regarding the instructions described in “Don’t log in #1: remove the drive” and “Don’t log in #2: use the backup image,” are you saying to follow those instructions IF we were not able to reset the PC’s administrator password using a third party tool?
The “Don’t Log in”s are another way of saying “if you can’t log in”
Since computer files and software can become corrupt or incompatible (or be too difficult for the family to use), and flash and portable hard drives can malfunction, your thoughts on putting a simple paper copy of your passwords and other important documents in a very safe place in order to not be totally at the mercy of technology?
As long as you’re ABSOLUTELY CERTAIN that the paper will only be seen when it’s needed, and by whomever legitimately needs it, sure. The problem here is keeping it up to date. I prefer a combo: put your password vault password on paper, (or, for example, use LastPass’s trusted friend approach). That way everything else is by definition up to date.
This article is so helpful- I am the administrator of my deceased friend- He left all info in his computer as to the estate.( including all passwords).
He was a code writer and I believe access would be encrypted – I am a layman as to computer access, however with out- I fear the estate can not be settled in a timely manner. Could you recommend several bonded data recovery/forensics firms that may be able to assist- We are in the New York City – and my quest for such has not been fruitful. Again- much thanks for such an important topic
Best to you!!
I’m afraid I have no recommendations. I can’t keep track of so many possibilities all over the planet I’m afraid. Your estate attorney may have some references.
We have been holding on to the laptop of my deceased Aunt for 3 years now. We have tried every conceivable thing to figure out the password to no avail. When she passed it was sudden n unexpected so nothing was in place to do anything about it. We only want to use the laptop, she had only owned it a few months when she passed n would likely not have pictures or any other important documents that we need. My father (this was his sister’s machine) simply wants to be able to use it as his current computer is a dinosaur lol. Can we just whitewash it from the boot up process without the password? Thank you.
Absolutely. You’ll simply need a Windows installation disk (you can download a copy), an activation key (you may need to purchase a new one), and you can set up Windows from scratch. Alternately you can do the same with a free version of a Linux distribution at no cost, if you don’t need Windows specifically.
Thank you very much for your informed and quick reply Leo, thank you.
A client brought a surface pro 3 for me to repair and i cant get into it, it has both bitlocker encryption and a windows password both of which the client forgot, due to the bit locker encryption i cant even format the drive or get around the windows password, also the drive is built into the board it cant be removed. Any suggestions?
Only to contact Microsoft — in particular if you have a Microsoft store nearby they may be able to regain access.