Dump File Analysis

Enumeration of memory dumps

List printable characters or words longer than 7 characters

LSAS

On linux use pypykatz to analyse LSAS.DMP file

GitHub - skelsec/pypykatz: Mimikatz implementation in pure PythonGitHub

Pypykatz install

git clone https://github.com/skelsec/pypykatz.git
python3 setup.py install

Pypykatz LSAS analysis

 pypykatz lsa minidump lsass.DMP

Strings and Regex

strings ./LogonUI.DMP | egrep -x '.{7,}'

strings ./explorer.DMP | egrep -x '.{10,}' | egrep -v "\.lnk|\.cpp|\.dll|xxxx|\.pdb|Font|ENTITY|PADDING|DOS mode|\?\?\?\?"