You do need a special viewer to open sam.bak. One program that is capable of opening the file is Registry Viewer. It’s a commercial program that can be downloaded as a demo version, sufficient for our task. After installing the software start it and load the file sam.bak.

Now navigate to the folder \SAM\Domains\Account\Users which should open several subfolders. Each folder represents a user account on your system. If you select for instance the folder 000001F4 you will see that this is the default administrator account. Additional parameters are listed in that file including if this account uses a password to login, when and if the password was changed, the expiration time of the password, a country code and invalid logons.

This could be relevant in many occasions. Hackers could gain valuable information about a computer system just by analyzing this one file. They could find out if there are unprotected accounts and see if and when a user changed the password for the last time and the last time he was logged onto the system.