<< Click to Display Table of Contents >> Navigation:  System and Data Recovery Programs > Proactive System Password Recovery > Working with PSPR > Main menu > Domain cached credentials

Windows NT-based systems can cache (store) user logon information of the users that enter the domain. This feature is designed to facilitate authentication if the authentication server is unavailable.

 

Along with general information on a domain user, which includes user data, domain information, and general information (the DCC common record structure will be covered below), DCC contains the user's password hash.

 

Though these caches are stronger than ones stored in the SAM, PSPR can use dictionary and brute-force attacks to recover plaintext passwords.

 

If you need faster recovery of DCC passwords, have a look at Elcomsoft Distributed Password Recovery.

 

Note: this feature has not been tested on Windows Vista yet.