volatility icon indicating copy to clipboard operation
volatility copied to clipboard
verified publisher icon volatilityfoundation

Help with LSA Dump

Open roza07102 opened this issue 3 years ago • 1 comments

Unable to read LSA secrets from registry. Please I do I resolve this error?

roza07102 avatar Feb 12 '22 09:02 roza07102

which windows version are you using? (RTM build) Is everything else working in that image (like for example the shimcache plugin which also requires at least the registry stuff to properly work)?

In general those problems might be related to memory compression/swap as parts of the registry might get swapped out and you'd need a page fault handler resolving these reads (there is a volatility version that supports at least memory compression for some win10 version from fireeye)

cmueller-tp avatar Feb 14 '22 15:02 cmueller-tp