How Do I Gain Access to My Deceased Relative’s Computer?

//
My {relative} passed away recently. I desperately need to gain access to the contents of their computer so I can recover {important financial documents}, {one-of-a-kind pictures}, {his or her last thoughts}, etc. The machine has a login password that he never shared with anyone. Can I get in? If so, how?

As you can see, this is a composite question based on a scenario I hear from time to time.

A relative or acquaintance has passed away and left behind a password-protected PC containing files that are important for any number of possible reasons.

You may be able to get in. On the other hand, particularly if your late relative was security conscious, you may not.

Become a Patron of Ask Leo! and go ad-free!

The goal of security

To put it bluntly, the goal of good security is to prevent exactly what you’re attempting.

We all want our machine to be secure from intrusion. We want our data to be protected. We want it to be accessible only to those individuals we’ve authorized to have access. When it comes to computers, there’s usually only one authorized user: ourselves.

Computer LockedThat your intent is pure makes no difference to security or the technology used to implement it. It’s completely intent-agnostic: a break-in is a break-in.

And let’s be very clear: you’re trying to break in.

Before you start

You know I’m going to say this, so let’s get it out of the way: back up first, if you can.

In this case, though, you’ll need to back up a little differently than normal, since you can’t log in to the machine.

If you can, boot the computer from the rescue or emergency disc created by a backup tool like Macrium Reflect or EaseUS Todo. You’ll probably need to make that disc (or USB stick) on a different computer, but that’s OK. Once you boot from that media, you’ll be taken to the backup software, where you can create a backup image of the computer’s hard disk.

Save that image somewhere.

There are two things that could prevent you from being able to do this: a UEFI configuration that prevents booting from anything other than the internal hard drive, or an encrypted hard drive. If either are the case, all I can recommend is that you proceed with caution, as you’ll be proceeding without a net; missteps could permanently destroy the very data you’re attempting to recover. (Though if the only alternative is to give up, it might be worth the risk.)

Use a Microsoft account

If the computer uses a Microsoft account to log in, that’s where I’d start, particularly if you have access to that account online, or a device on which you can read email sent to that account.

If you can receive the email sent to the Microsoft account, you should be able to reset the account password. Since that account and account password would be used to log in to the machine, presumably you would then be able to log in to it as well. Problem solved.

Several things can get in the way. The account could have two-factor authentication turned on, in which case you’ll need that second factor to change the password. Microsoft could decide that due to a change in how you’re accessing the account, you need to jump through additional hoops, such as using alternate accounts or phone numbers you may not have access to, or security questions for which you don’t know the answers. I often see this when people travel overseas, but what Microsoft is looking for to trigger this is unclear.

Resetting the administrator password

On older versions of Windows, the technique outlined in I’ve Lost the Password to My Windows Administrator Account. How Do I Get it Back? — using a third-party tool to reset the machine’s administrator password — might work. In order to get in, you reset that password and enable the administrator login, or possibly reset the password for the login account itself.

Once again, Windows 10 itself and the machine’s UEFI configuration may prevent this approach from working.

Don’t log in #1: remove the drive

If all you want is the data on the drive, another approach is to physically remove the drive and attach it to another system. My recommendation would be to place it into an external USB enclosure you can attach to any machine you like.

Using that other machine, then, you can explore the contents of the hard drive and extract whatever you need.

The big roadblock here would be if encryption had been used. Data encrypted via whole-drive or BitLocker methods is generally accessible only on the machine on which the data was originally encrypted.1 Third-party encryption tools would still require their respective passwords or phrases.

Don’t log in #2: use the backup image

If you were able to make a backup image when we began, you can “mount” that image on another machine and access it more or less as if it were the original drive, exploring the contents of the drive and extracting the information you find of value.

The same caveats apply here, though, as in the previous approach: if encryption has been used, things can get irrecoverably complicated.

Apply money: forensics

While not every barrier can be overcome, it’s possible that a good computer forensics and data recovery service may be able to help. Bypassing passwords, for example, might be possible, but cracking well-implemented encryption is highly unlikely.

These services are rarely cheap, however. Electing to give one a try would be an approach I’d take only after exhausting my own alternatives and deciding it was really going to be worth it.

Prevention

Naturally, you have the machine you have in the state that it’s in, and it’s too late to talk about prevention for the case at hand.

But this is an opportunity to prevent this from happening to someone else. There are several approaches to allow secure emergency access to computers, equipment, and even online accounts in the event of your demise. It doesn’t even have to be demise — a protracted severe illness or injury could result in the same desire: the ability for someone else to access critically important information.

My article What Happens When I Die? discusses preparations to consider in more detail.

Podcast audio

Play

Video Narration

Footnotes & references

1: Yes: had the BitLocker key been saved somewhere else, the drive could potentially be accessed. There are many different things the original computer owner could have done to make this easier, but for the sake of this article, I’m assuming none of them happened.

21 comments on “How Do I Gain Access to My Deceased Relative’s Computer?”

  1. Gaining access to the computer is only one hurdle. Much of the information you need to retrieve may be stored in cloud accounts. If the person used a password manager then unless you have the master password you have real problems. Any passwords will likely be unguessable. Best advice for elderly or infirm relatives who trust you; have them write down all the relative passwords and store them in a safe place, then tell you where they are.

    • LastPass has what I consider to be a good system. You can designate individuals (by email address) as recovery contacts. They can *request* access to your vault. You have a configurable amount of time (usually days) to say no. If you’re unable to say no they get access to your vault. (You can also “un-designate” should your relationships change.)

  2. My suggestion, as I get older and slower, would be to back up to or store all documents to an external USB (in my case, a WD 4TB My Book). A password file could be stored to a smaller thumb drive and both could be stored in a personal safe or even a safe deposit box. Having two each of these devices would allow you to rotate your backups or changed passwords.

  3. May I have your permission to post this article to my Facebook timeline? There are several people that I personally know that will benefit from this article. And, no telling how many others may benefit from reading this article.

  4. Creating a USB-based “live CD” from Ubuntu (or other Linux OS) and then booting to Ubuntu might allow you to see/read what’s on the Windows C drive if it’s not encrypted. This has saved me in the past.

    • It’s why I always keep a Linux Live USB and CD (for those awkward times I can’t get the computer to boot froma USB) in my essentials kit. Yes, it is always Ubuntu but there are plenty of Linux alternatives.

  5. This article inspired me to write a short (1/2 page) document giving info about getting access to my computer, telling where passwords are, and even some info about where various sets of data are in my file system.

    I printed a copy of this and included it in the file folder with my Will — a likely place for my executor to look.
    Good idea for everyone to do this — right now, it only takes a few minutes.

  6. While we are thinking of this topic, and making plans for our inevitable passing, I would point out that we need to consider carefully where we store the passwords etc.

    A bank safety deposit box may seem the safest place to safely store a list of passwords etc. but my understanding is that it will be sealed once the bank know of the renters death, even if you are a joint renter of the box.

  7. Leo –

    Regarding the instructions described in “Don’t log in #1: remove the drive” and “Don’t log in #2: use the backup image,” are you saying to follow those instructions IF we were not able to reset the PC’s administrator password using a third party tool?

    Thanks…

  8. Leo –

    Since computer files and software can become corrupt or incompatible (or be too difficult for the family to use), and flash and portable hard drives can malfunction, your thoughts on putting a simple paper copy of your passwords and other important documents in a very safe place in order to not be totally at the mercy of technology?

    Thanks…

    • As long as you’re ABSOLUTELY CERTAIN that the paper will only be seen when it’s needed, and by whomever legitimately needs it, sure. The problem here is keeping it up to date. I prefer a combo: put your password vault password on paper, (or, for example, use LastPass’s trusted friend approach). That way everything else is by definition up to date.

  9. This article is so helpful- I am the administrator of my deceased friend- He left all info in his computer as to the estate.( including all passwords).
    He was a code writer and I believe access would be encrypted – I am a layman as to computer access, however with out- I fear the estate can not be settled in a timely manner. Could you recommend several bonded data recovery/forensics firms that may be able to assist- We are in the New York City – and my quest for such has not been fruitful. Again- much thanks for such an important topic
    Best to you!!

    • I’m afraid I have no recommendations. I can’t keep track of so many possibilities all over the planet I’m afraid. Your estate attorney may have some references.

  10. We have been holding on to the laptop of my deceased Aunt for 3 years now. We have tried every conceivable thing to figure out the password to no avail. When she passed it was sudden n unexpected so nothing was in place to do anything about it. We only want to use the laptop, she had only owned it a few months when she passed n would likely not have pictures or any other important documents that we need. My father (this was his sister’s machine) simply wants to be able to use it as his current computer is a dinosaur lol. Can we just whitewash it from the boot up process without the password? Thank you.

    • Absolutely. You’ll simply need a Windows installation disk (you can download a copy), an activation key (you may need to purchase a new one), and you can set up Windows from scratch. Alternately you can do the same with a free version of a Linux distribution at no cost, if you don’t need Windows specifically.

  11. A client brought a surface pro 3 for me to repair and i cant get into it, it has both bitlocker encryption and a windows password both of which the client forgot, due to the bit locker encryption i cant even format the drive or get around the windows password, also the drive is built into the board it cant be removed. Any suggestions?

Leave a reply: