“New Phone, Who Dis?” famous words said countless times to any number of people days, weeks, and even months after replacing a mobile phone. The strange “Who Dis?” dance goes on when we get a new computer too, though the moves are a little different. Worse, the steps of the dance especially when the computer is not exactly Brand New and the previous owner left their grubby fingerprints all over.
I have had some luck in the past 18 months or so finding really interesting computers at thrift stores and in ‘lots’ of “junk” computers from various online sellers. One of these so-called “junk” laptops happened to be this little Asus EEE PC pictured below. By today’s standards, the EEE PC no where NEAR anything to write home about, but back in the day this little brick was a pioneer, kicking off the ‘Netbook’ style of computers (outside Japan).
Of course, when the machine arrived the battery was completely drained and there was no power supply included – but a quick once over and the machine looked to be in working order. A power supply was quickly sourced and once power was applied, the laptop bounced back to life, and started Windows.
Awesome, already loaded with Windows 7. Since this machine was part of a lot of machines I really did not need anyway, seeing this I am about ready to get this little laptop ready to throw onto eBay. Until …
Oh. Well. A password prompt, lovely. It is at this moment of our story that I need to make a point or three. First, the powers I am about to demonstrate can be used for good or evil, and while this really is not a sophisticated trick – Do. No. Evil. with what you may learn. Second, I feel comfortable sharing these screen shots as there honestly not enough information here to identify the previous owner OR anything personally identifiable (aside from a name and a few internet favorites, random files, et cetera). Third, the point I am aiming for is that – before you donate a computer to your local charity, erase your stuff…
Now, seeing a password prompt I can easily just erase the drive and reuse the computer, but I simply cannot pass up the opportunity to see what a computer was used for in a past life. Cracking the password just is not worth the time as the machine is now mine and seeing Windows 7 Starter is installed, it is not encrypted. At this point, I reach for a trusty USB drive with a Live Ubuntu image and booted right up to the drive, and I am around the password.
Now with the password problem sorted, time to check the hard drive. The first observation is that this drive was spilt into 2 volumes (something like an OS partition and a Data partition). Starting with the partition with Windows on it, the folder layout on the drive drive looks very much like a Windows 7 Installation would. This means that if there is anything obvious to be found, the Users folder is where to begin.
With just a few clicks we find ourselves in the previous owner’s user profile (Jon) and can now see what was left behind, aside from a password that is.
There was not much to speak of on this machine, only a few bit and crumbs left behind. Although, the more technical readers will be quick to point out that I did not look for internet cookies, internet cache, or temporary files and they would be correct. Finding all the crumbs to build a profile on a particular user was not the point of this exercise … The point of this exercise was to point out how simple it was to get the data off the machine even though a password was in place. No fancy or complicated tricks were used, just a bit of time and patience and then I could see anything left behind.
Of course I should not have to say this again, but this was a machine I purchased second hand from a thrift store and the drive was securely wiped after writing this. A method like this should not be used to bypass any sort of security on devices that you do not own … and, in conclusion, for the love of all that is holy … Erase your stuff BEFORE selling or donating them!