Hello
about the problem of the hash crack of the windows 10 SAM, what are the new solutions today that you know?
For me SAMDUMP2, PWDDUMP does not work.
Because john sees the hash of an empty password.
The mimikatz plugin for volatility does not work either, because the process lsass.exe is divided into 2 (including one in the VSM).
So whether from a memory dump or direct access to the physical disk of a Win10, I do not see how to recover a password from the hash.
maybe one of you has another solution?
thanks
mount as virtual machine use nvram file for access physical memory
thanks, but could you explain that?
clone your evidence and mount it your physical hard drive as virtual machine in vm vms has physical ram file or use commercial tools for mounting