Help Request - The process Hangs #5

Open
fgomesz opened this issue May 27, 2024 · 0 comments
fgomesz commented May 27, 2024

Hello,

I've run winpmem (https://github.com/Velocidex/WinPmem/releases/tag/v4.0.rc1) to get the RAW file from the RAM memory.
Then I've used volatility2 to get the .DMP file of the lsass process, and also tried volatility3 to dump the process memory.

```
invoke-powerextract -PathToDMP 'C:\740.dmp' -Debug $true
DEBUG: Inputfile valid and identified in: C:\740.dmp
DEBUG: Header of Dumpfile parsed. Dumpfile holds 2652553094 Streams.
```

I understand that in the demo you only have 16 streams, but is there anything that I can do?
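An added example, not part of the original issue and not PowerExtract's own code: a pre-flight check that reads the 32-byte `MINIDUMP_HEADER`, verifies the `MDMP` signature, and tests whether the reported stream count can fit in the file at all (each stream directory entry is 12 bytes). The function names and the three sample byte strings are hypothetical and constructed for illustration.

```python
import struct

# MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
# CheckSum, TimeDateStamp, Flags (little-endian, 32 bytes in total).
HEADER_FMT = "<4sIIIIIQ"
HEADER_SIZE = struct.calcsize(HEADER_FMT)
DIR_ENTRY_SIZE = 12  # MINIDUMP_DIRECTORY: StreamType + DataSize + Rva


def check_minidump_header(header, file_size):
    """Return (ok, reason) for the first bytes of a candidate dump file."""
    if len(header) < HEADER_SIZE:
        return False, "shorter than a 32-byte MINIDUMP_HEADER"
    sig, _ver, n_streams, dir_rva, _sum, _ts, _flags = struct.unpack_from(
        HEADER_FMT, header)
    if sig != b"MDMP":
        return False, "signature %r is not b'MDMP'" % sig
    # The whole stream directory must lie inside the file, after the header.
    dir_end = dir_rva + n_streams * DIR_ENTRY_SIZE
    if n_streams == 0 or dir_rva < HEADER_SIZE or dir_end > file_size:
        return False, "directory of %d streams at 0x%x does not fit in %d bytes" % (
            n_streams, dir_rva, file_size)
    return True, "minidump with %d streams" % n_streams


def check_file(path):
    """Run the same check on a file on disk (path is supplied by the caller)."""
    with open(path, "rb") as fh:
        header = fh.read(HEADER_SIZE)
        fh.seek(0, 2)  # seek to the end to learn the file size
        return check_minidump_header(header, fh.tell())


# Constructed samples: a well-formed header with 16 streams, a file that is
# not a minidump, and an MDMP header whose stream count cannot fit in the file.
GOOD = struct.pack(HEADER_FMT, b"MDMP", 0xA793, 16, HEADER_SIZE, 0, 0, 0) \
    + bytes(16 * DIR_ENTRY_SIZE)
BAD_SIGNATURE = struct.pack(HEADER_FMT, b"XXXX", 0, 2652553094, 0, 0, 0, 0)
BAD_COUNT = struct.pack(HEADER_FMT, b"MDMP", 0xA793, 2652553094,
                        HEADER_SIZE, 0, 0, 0)

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD_SIGNATURE", BAD_SIGNATURE),
                       ("BAD_COUNT", BAD_COUNT)):
        print(name, check_minidump_header(blob, len(blob)))
```

Running `check_file` on a dump before parsing it shows whether the file is in minidump format or in some other layout that the parser would misread.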
