
Dump hashes from memory

Just a quick note on a neat function found while doing some memory forensic research.

Wanna get the hashes stored in your memory dump?

Use the "hashdump" option of Volatility.

vol.exe -f vaio_mem.dmp --profile=Win7SP1x64 hashdump
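
An added example (not part of the original note): hashdump prints one pwdump-style line per account (user:rid:lmhash:nthash:::), and this Python script triages such output for accounts with a blank or unset password or a stored LM hash. The sample lines and the function names are constructed for illustration.

```python
import re

# Well-known constants: the LM and NT hashes of the empty string.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# One account per line: user:rid:lmhash:nthash:::
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::$")

# Constructed sample, not real output: the non-empty hashes are dummy hex strings.
SAMPLE = """\
Volatility Foundation Volatility Framework
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1000:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
legacy:1001:0123456789abcdef0123456789abcdef:ffeeddccbbaa99887766554433221100:::
"""


def parse_hashdump(text):
    """Return one dict per account line; banners and other lines are skipped."""
    accounts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        user, rid, lm, nt = m.groups()
        accounts.append(
            {"user": user, "rid": int(rid), "lm": lm.lower(), "nt": nt.lower()}
        )
    return accounts


def findings(accounts):
    """Flag accounts worth a closer look during triage."""
    out = []
    for a in accounts:
        if a["nt"] == EMPTY_NT:
            out.append((a["user"], "blank or unset password"))
        if a["lm"] != EMPTY_LM:
            out.append((a["user"], "LM hash stored (weak legacy format)"))
    return out


if __name__ == "__main__":
    for user, issue in findings(parse_hashdump(SAMPLE)):
        print(f"{user}: {issue}")
```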

... my job is so cooool ...