ERR: Couldn't find subkey PolSecretEncryptionKey of Policy

[GoogleCodeExporter]

C:\>python cachedump.py SYSTEM SECURITY
ERR: Couldn't find subkey PolSecretEncryptionKey of Policy


How do I obtain the subkey PolSecretEncryptionKey of Policy?


Thanks,
Enda

Original issue reported on code.google.com by [email protected] on 17 May 2013 at 12:35

[seanfuture]

Appears this particular issue still exists

[moyix]

What version of Windows did the hive files come from?

It appears that in Vista and later, the key name has changed. Volatility has an implementation of the updated algorithm that could be ported over (both creddump and Volatility shared the same implementation originally).

volatilityfoundation/volatility@8e7d5da

If you want to do this and submit a pull request I'd be happy to merge it.

[seanfuture]

Windows 8 was the source, so that's likely the issue.

[JensTimmerman]

I ran into the same issue on win8, but it works with the patches linked above, which happen to be already merged in https://github.com/Neohapsis/creddump7