Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Forensic tools > Windows Hello > Biometric databases
Biometric databases and digital IDs
19.09.2022
Reset Windows Password v12.1
USB and Recycle Bin history viewers, Windows Hello PIN dumper, update of the DPAPI recovery module
02.09.2022
New blog post
quite a bit about Windows Hello biometrics
23.08.2022
Windows Password Recovery v15.0
A big update of the DPAPI recovery module, support for Windows cloud accounts and much more
19.07.2022
Reset Windows Password v12.0
Windows media forensic tools and improved interface

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - Windows Hello biometric databases


Biometric databases contain digital identities used to authenticate a certain user in Windows Hello system. Those identities are fingerprints, 3d-faces, voice or iris.
 

Setting Windows directory
Windows Hello biometric databases - setting Windows directory

You should set the Windows directory of the target system first. This could be the Windows directory of your current or of any external operating system.

 

Selecting a biometric database
Windows Hello biometric databases - selecting a database

To decrypt a database, just double-click it in the list.


 

Decrypted biometric database
Windows Hello biometric databases - decrypted digital identities

The decrypted database contains found and decrypted digital identities, like fingerprints, 3d-faces, etc. For example, if a user has set 3 fingerprints previously, the fingerprints should be decrypted and outputted right of the user's name. Just like in the picture above.

You can save the digital IDs for further analysis

Despite the Microsoft assertion of extremely security, the digital IDs are badly protected against substitution (unless a TPM device is used) and can be easily migrated or copied from one PC to another. For example, you can create your own fingerprint, copy it to another PC into another user account. Then you can simply logon into the alien account using your own fingerprint. Because of the serious nature of this vulnerability that compromises the whole system security, the digital IDs migrating function was disabled in the current version of the program.