Windows passwords may also be cached in memory. C:\>reg.exe save HKLM\SAM samĪn alternative is to use a tools such as Pwdump which can extract the hashes stored within the SAM/ system files directly without the need to use regedit or manual decryption of the SAM using the boot key. If Windows is running and you need access to the locked files in the Config folder (for example you know the files in Repair are out of date), you can extract these files using regedit. SAM contains the hashed passwords, however they are encrypted using the boot key within the system file. However, a backup of these files may be stored in the Windows repair folder at c:\Windows\Repair\. Yes, they are stored hashed within files in the c:\Windows\System32\Config\ directory.
