Help Request - The process Hangs #5
Description
Hello,
I've ran winpmem (https://github.com/Velocidex/WinPmem/releases/tag/v4.0.rc1) to get the RAW file from the RAM memory.
Then I've used volatility2, to get the .DMP file of the lsass process, also tried volatility3 to dump the process memory.
invoke-powerextract -PathToDMP 'C:\740.dmp' -Debug $true DEBUG: Inputfile valid and identified in: C:\740.dmp DEBUG: Header of Dumpfile parsed. Dumpfile holds 2652553094 Streams.
I understand that in the demo you only have 16 streams, but, is there anything that I can do?