Dump File Analysis

Enumeration of memory dumps

List printable characters or words longer than 7 characters

LSAS

On linux use pypykatz to analyse LSAS.DMP file

git clone https://github.com/skelsec/pypykatz.git
python3 setup.py install

 pypykatz lsa minidump lsass.DMP

strings ./LogonUI.DMP | egrep -x '.{7,}'

strings ./explorer.DMP | egrep -x '.{10,}' | egrep -v "\.lnk|\.cpp|\.dll|xxxx|\.pdb|Font|ENTITY|PADDING|DOS mode|\?\?\?\?"

Last updated 2 years ago

Was this helpful?