Volatility problem ...
 
Notifications
Clear all

Volatility problem extract SAM data

Zorgon
(@zorgon)
New Member

Hi ;
is there any other way to extract SAM information from Windows 10, because with Volatility; the extract command doesn't give anything, and the full registry dump is not usable regarding the SAM part.
Question do you have a tool or an approach to explore?

Quote
Topic starter Posted : 25/03/2021 10:55 am
sisyphus
(@sisyphus)
New Member

Your question seems vague to me. Are you wanting to extract the SAM hive from Windows or just extract data from the SAM hive? 

 

Either way, you can always extract the SAM hive via cmd with admin rights "reg save hklm\sam x:\sam"

 

If you want to examine the SAM hive data, you can look for Registry Explorer or other free tools by Eric Zimmerman.

 

A cursory online search will offer you many more gui or cmdline options to choose from.

ReplyQuote
Posted : 30/03/2021 2:27 pm
Share: