Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely. The intention of this research was to propose an alternative approach to credential theft and create a modular framework that can be extended to support other drivers that can access physical memory.

Physmem2profit can be found on Github.

An accompanying blog post can be found in /var/log/messages.