Friend of mine ground-scored a laptop that was left in a college locker at the end of the school year. Visible screen glass damage from a violent corner drop, but still powered up and displayed just fine. Cute little unit, a Lenovo Flex 3. The screen flips around 360 to turn it into a tablet.
Anyhow it hadn’t been wiped. Windows 10, one known username, password unknown. A quick Google gave me something to try. Boot Windows 10 USB installer, go to command prompt, copy c:\windows\system32\cmd.exe into c:\windows\system32\sethc.exe (the sticky-keys notifier).
Boot the machine normally, and when it gets to the login, hit left-shift five times. Instead of the sticky-keys notifier, you get a command prompt. All I had to do at that point was change the user’s password:
net user (username) (new password)I could immediately login as that user. Not much in terms of payload immediately visible. Hardly anything in documents, fewer than 30 photos saved, no custom apps. Oh wait, let’s launch mail (this machine is not connected to the Internet). Bingo, user’s complete historical Gmail up until the machine was last used. Conveniently saved to the laptop for me to rifle through looking for other useful data.
Moral of the story? Encrypt your home directory.
I suspect if I gave it internet access it would try to reach out to Google and raise an alarm for suspicious login and force reauthentication. Would that cause me to lose the existing emails I have already correct: That’s a question for another day.