Hello, Reader,
The bonus question in this challenge asked where Windows stores the biometric data used for facial recognition or fingerprint authentication. It turns out that this information is kept in a database located at:
\Windows\System32\WinBioDatabase
Inside this folder, you’ll find files named with GUIDs and a .DAT extension, for example:
DC576DA6-D676-4A15-906D-C0CEAF949543.DAT
These files contain an encrypted and hashed version of a user’s identity that Windows uses for system authentication. This process is part of the Windows Biometric Framework. For more details, check out the Biometric Framework Overview on Microsoft Learn.
The encryption key being used remains unclear, and it’s possible that these keys are stored in a TPM chip. I’ll take a closer look at this file in my next post to see if the Data Protection API is also being utilized.
Stay tuned!
Post a Comment