Windows 10 Memory + Registry


azuleonyx

Member
Experienced Member
Oct 20, 2018
60
Ratings
48
18
Charlotte, North Carolina Area
cyberfenixtech.blogspot.com
Twitter
https://twitter.com/AzuleOnyx
#1
Anyone perform memory analysis with Windows 10 (one of the latest builds)? It seems both rekall and volatility do not pull enough information from memory dealing with the registry hives. On my Windows 10 memory image, I see a list of hives, but when I attempt to print common keys such as from the SAM hive, I get no values. Or am I just looking at it incorrectly?
 

azuleonyx

#2
I did find out that since the computer was connected to a domain, it does not seem to keep the information fully in memory. I did manage to use mimikatz to pull domain and log logins from memory on a running system.
 
