Passware Kit 12.3 recovers passwords for Facebook, Gmail, and other websites by analyzing a memory image or a system hibernation file.
Here is how it’s done.
Launch Google Chrome browser on a target machine and open a new Incognito window (Ctrl+Shift+N). In Incognito mode Chrome does not save your passwords, but still they are present in computer memory.
Close Google Chrome. Now you can put your computer into hibernation or create a memory image.
When a computer hibernates, Windows writes all the physical RAM memory contents to
C:\hiberfil.sys file, creating a memory image. As
hiberfil.sys file is locked by Windows, you might need to use special tools in order to access the file. You can follow detailed instructions on creating a copy of the hibernation file.
The same results could be achieved by using using a live memory image acquired while the computer was running, instead of the hibernation file.
Please note that there is no guarantee that passwords will be in memory, but our tests show that passwords reside in memory for extended time.