Dump hashes from memory
Just a quick note on a neat function found while doing some memeory forensic research.
Wana get the hashes stored in your memory dump?
Use the "hasdump" option of volatility.
vol.exe -f vaio_mem.dmp --profile=Win7SP1x64 hashdump
... my job is so cooool ...