MSCACHE dump patch

[GoogleCodeExporter]

We have made a 'ugly' patch to enable a command to dump MSCACHE hashs from the 
SYSTEM and SECURITY hives.

Attached is the patch file. Patch with patch -p1 < 
volatility-2.1-with-MSCACHE.patch

Enjoy :)

Philippe & Christian

Original issue reported on code.google.com by christian.kungler on 31 Aug 2012 at 4:50

• Merged into: #92

Attachments:

• volatility-2.1-with-MSCACHE.patch

[GoogleCodeExporter]

a cool! thanks for the patch.  I'll take a look at it shortly :-)

Original comment by jamie.l...@gmail.com on 31 Aug 2012 at 5:00

• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

Thanks Philippe and Christian! I'm going to merge this into issue #92 
(Cachedump plugin patch). We had temporarily disabled the plugin because it 
only worked on XP x86. There's a patch in issue #92 for getting it to work 
better on later versions like Vista, 2008, and 7, but we haven't gotten the 
time to test it out for x64 systems. If you guys have any information or 
ability to test on Vista, 2008, 7 (especially x64) that would be a huge help. 

Original comment by michael.hale@gmail.com on 31 Aug 2012 at 7:30

• Changed state: Duplicate

[GoogleCodeExporter]

This explains that (code was there but unused) ;)
I'm pretty certain we can test x64 for 2008 and 7. I'm less sure about Vista 
but will check that on Monday.

Original comment by christian.kungler on 31 Aug 2012 at 7:47