Dump File Analysis

Enumeration of memory dumps

Extract printable strings from a dump and keep only those at least 7 characters long (see Strings and Regex below)

LSASS

On Linux, use pypykatz to analyse an LSASS minidump (lsass.DMP)

Pypykatz install

git clone https://github.com/skelsec/pypykatz.git
cd pypykatz
python3 setup.py install

Pypykatz LSAS analysis

pypykatz lsa minidump lsass.DMP

Strings and Regex

strings ./LogonUI.DMP | egrep -x '.{7,}'
strings ./explorer.DMP | egrep -x '.{10,}' | egrep -v "\.lnk|\.cpp|\.dll|xxxx|\.pdb|Font|ENTITY|PADDING|DOS mode|\?\?\?\?"
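The two commands above rely on `strings`, which by default only finds ASCII runs, while Windows process memory stores most user-visible text as UTF-16LE (what `strings -e l` would find). The following added example, which is not part of the original notes, reimplements that extraction in Python so both encodings are covered in one pass and the same noise filter as the `egrep -v` line is applied. The dump bytes (SAMPLE_DUMP) are constructed for the example; the function and variable names are the example's own.

```python
import re
import sys
from typing import Iterator, List

# Constructed sample dump: an ASCII path, a UTF-16LE string (how Windows
# keeps most text in process memory), short fragments, and noise that the
# page's egrep -v filter is meant to drop. Not a real minidump.
SAMPLE_DUMP = (
    b"\x00\x01\x02MZ\x90\x00"
    + b"C:\\Users\\analyst\\Desktop\\notes.txt\x00\x00"
    + "Computer name: WS-FORENSICS-01".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe\x10\x11abc\x00"          # 'abc' is too short to keep
    + b"Font\x00shell32.dll\x00"
    + b"PADDINGXXPADDINGXX\x00"
)

# Same noise patterns as the egrep -v command in the notes above.
NOISE = re.compile(r"\.lnk|\.cpp|\.dll|xxxx|\.pdb|Font|ENTITY|PADDING|DOS mode|\?\?\?\?")


def ascii_strings(data: bytes, min_len: int = 4) -> Iterator[str]:
    """Yield runs of printable ASCII (0x20-0x7e) at least min_len bytes long,
    which is what `strings` finds by default."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for m in pattern.finditer(data):
        yield m.group().decode("ascii")


def utf16le_strings(data: bytes, min_len: int = 4) -> Iterator[str]:
    """Yield runs of printable ASCII characters encoded as UTF-16LE
    (byte, NUL, byte, NUL, ...), which is what `strings -e l` finds.
    As with `strings -e l`, an ASCII byte that happens to sit right before
    a UTF-16LE run and is followed by a NUL can be pulled into the match."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in pattern.finditer(data):
        yield m.group().decode("utf-16-le")


def extract_strings(data: bytes, min_len: int = 7, drop_noise: bool = True) -> List[str]:
    """Combine both encodings and apply the noise filter, mirroring
    `strings FILE | egrep -x '.{7,}' | egrep -v ...` in one pass."""
    found = list(ascii_strings(data, min_len)) + list(utf16le_strings(data, min_len))
    if drop_noise:
        found = [s for s in found if not NOISE.search(s)]
    return found


if __name__ == "__main__":
    # Usage: python3 dump_strings.py <dump file> [min_len]
    # With no arguments the constructed sample is analysed instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        length = int(sys.argv[2]) if len(sys.argv) > 2 else 7
    else:
        blob, length = SAMPLE_DUMP, 7
    for s in extract_strings(blob, length):
        print(s)
```

Run against a real dump, the script prints one candidate string per line, so it can be piped into further `grep` filters exactly like the `strings` output in the notes. Reading a multi-gigabyte dump with `read()` holds it all in memory; for large dumps, `mmap` the file and pass the mapped object to the same functions.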
