How to hack a Windows computer.
This is a composite question based on scenarios I hear regularly.
Someone passed away and left behind a password-protected PC containing files that are important for any number of reasons.
You may be able to get in. On the other hand, particularly if the deceased was security-conscious, you may not.
Become a Patron of Ask Leo! and go ad-free!
Accessing the deceased's computer
- Back up the computer’s hard disk if possible.
- Attempt to recover access to the Microsoft account online used to sign in to the computer (if they used one).
- Attempt to reset the administrator password on older machines.
- Access the data by removing the hard disk and using it as an external hard drive on another machine.
- Access the data by mounting the backup image as a virtual drive on another machine.
- Try a recovery service.
Good security is designed to prevent exactly this kind of access.
The goal of security
To put it bluntly, the goal of good security is to prevent exactly what you’re attempting.
We all want our machines to be secure from intrusion. We want our data to be protected. We want it to be accessible only to those individuals we’ve authorized to have access. When it comes to computers, unless arrangements have been made beforehand, there’s usually only one authorized user: ourselves.
That your intent is pure makes no difference to security or the technology used to implement it. It’s completely intent-agnostic: a break-in is a break-in.
And let’s be clear: you’re trying to break in.
Before you start: back up
Back up first, if you can.
In this case, though, you’ll need to back up a little differently than normal, since you can’t log in to the machine.
If you can, boot the computer from a rescue or emergency disc created by a backup tool like Macrium Reflect or EaseUS Todo. You’ll probably need to make that disc (or USB stick) on a different computer, but that’s OK. Once you boot from that media, you’ll be taken to the backup software on that media, where you can create a backup image of the computer’s hard disk.
Save that backup image somewhere, like an external hard drive.
Two things can prevent you from being able to do this:
- A UEFI configuration that prevents booting from anything other than the internal hard drive.
- An encrypted hard drive.
If either is the case, all I can recommend is proceeding with caution, as you’ll be doing so without a net. Missteps could permanently destroy the very data you’re attempting to recover. (Though if the only alternative is to give up, it might be worth the risk.)
Use a Microsoft account
If the computer uses a Microsoft account to log in, that’s where I’d start.
Of course, if you know the password to that Microsoft account, you’re done — you can use that to log in to the machine.
Assuming you don’t know the password, you can start a “forgot my password” process by trying to sign in to outlook.com on a different computer. If you can receive the email sent to the Microsoft account, you should be able to reset the password. After doing so, you can use the Microsoft account and the newly set password to sign in to the machine.
A couple of things can get in the way. Both can be worked around only if you also have access to the recovery information, accounts, or mobile phone associated with the account.
- The account could have two-factor authentication turned on.
- Microsoft could decide you need to jump through additional hoops for security reasons.
In all cases, if you have access to the account recovery information, you may be able to recover access to the account and set a new password. If you don’t, then this approach may not work.
As a last straw, you can check Microsoft’s article: Accessing Outlook.com, OneDrive and other Microsoft services when someone has died. (Warning: a court order may be required.)
Resetting the administrator password
On older versions of Windows, the technique outlined in I’ve Lost the Password to My Windows Administrator Account. How Do I Get it Back? — using a third-party tool to reset the machine’s administrator password — might work. In order to get in, you reset the password and enable the administrator login, or possibly reset the password for the login account itself.
Once again, Windows 10 itself and the machine’s UEFI configuration may prevent this approach from working.
Don’t log in #1: remove the drive
If all you want is the data on the drive, and not the installed programs or Windows itself, another approach is to physically remove the drive and attach it to another system. My recommendation would be to place it into an external USB enclosure you can attach to any machine you like.
Using that other machine, then, you can explore the contents of the hard drive and extract whatever you need.
Windows file permissions may get in the way. How Do I Gain Access to Files Windows Says I Don’t Have Permission to Access? may help.
The big roadblock here would be if encryption had been used. Data encrypted via whole-drive or BitLocker methods is generally accessible only on the machine on which the data was originally encrypted.1 Third-party encryption tools would still require their respective passwords or phrases.
Don’t log in #2: use the backup image
If you were able to make a backup image when we began, you can “mount” that image on another machine and access it more or less as if it were the original drive, exploring the contents of the drive and extracting the information you find of value.
The same caveats apply here, though, as in the previous approach: if encryption has been used, things can get irrecoverably complicated.
Apply money: forensics
While not every barrier can be overcome, it’s possible that a good computer forensics and data recovery service may be able to help. Bypassing passwords, for example, might be possible, but cracking well-implemented encryption is highly unlikely.
These services are rarely cheap, however. Electing to give one a try would be an approach I’d take only after exhausting my alternatives and deciding it was really going to be worth it.
Naturally, you have the machine you have in the state that it’s in, and it’s too late to talk about prevention for the case at hand.
But this is an opportunity to prevent this from happening to someone else. There are several approaches to allow secure emergency access to computers, equipment, and even online accounts in the event of your demise. It doesn’t even have to be a death; a protracted severe illness or injury could result in the same desire: the ability for someone else to access critically important information.
My article Preparing for the Ultimate Disaster discusses preparations to consider in more detail.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Footnotes & References
1: Yes: had the BitLocker key been saved somewhere else, the drive could potentially be accessed. There are many different things the original computer owner could have done to make this easier, but for the sake of this article, I’m assuming none of them happened.