Dump File Analysis
Enumeration of memory dumps
List printable strings of 7 or more characters (and filter out common noise)
LSASS
On Linux, use pypykatz to parse an lsass.DMP file (a minidump of the LSASS process) and extract the cached credentials it holds
Pypykatz install (from source; the clone creates a pypykatz directory, so change into it before installing)
git clone https://github.com/skelsec/pypykatz.git
cd pypykatz
python3 setup.py install
Pypykatz LSASS analysis (the minidump subcommand parses the logon sessions and prints NT hashes, Kerberos tickets and any plaintext credentials found)
pypykatz lsa minidump lsass.DMP
Strings and Regex
Extract printable strings of at least 7 characters from a dump (egrep -x makes the regex match the whole line):
strings ./LogonUI.DMP | egrep -x '.{7,}'
Same idea with a longer minimum and a noise filter that drops module names, PE header text, font and resource strings:
strings ./explorer.DMP | egrep -x '.{10,}' | egrep -v "\.lnk|\.cpp|\.dll|xxxx|\.pdb|Font|ENTITY|PADDING|DOS mode|\?\?\?\?"