Windows 10 Memory + Registry


Experienced Member
Oct 20, 2018
Charlotte, North Carolina Area
Anyone perform memory analysis with Windows 10 (one of the latest builds)? It seems both Rekall and Volatility do not pull enough information from memory dealing with the registry hives. On my Windows 10 memory image, I see a list of hives, but when I attempt to print common keys such as from the SAM hive, I get no values. Or am I just looking at it incorrectly?

