I get a sneaking suspicion that if this character was doing anything it was while in Linux. The first step is to get past the password
1. If this is a corporate property box, why don't you have the password anyway?.......which password is it?.......like are these lower level user passwords, encryption hashes or what?
2. What do you suspect the character might have been "doing"?
3. Who obtained this "image" and how did they do it?