Personally identifiable information contained in the C:\windows\MEMORY.DMP file

How much personally identifiable information is contained in the C:\windows\MEMORY.DMP file?

I would like to upload the C:\windows\MEMORY.DMP file for a Windows 10 computer that keeps blue screening but first I need to know what personally identifiable information such as user names, company names, product keys, etc. is included within this file that will be able to be viewed by those who analyze this file?
IT GuyNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shahnawaz AhmedCloud Migration EngineerCommented:
Hi,

Complete memory dumo containes MACHINE INFORMATION WHATever is being running at the time of crash. User name yes it will be there but password i never see it containes. Also application runnning and being executed in the memory. No product key but domain name and computer name + User name can be found
0
JohnBusiness Consultant (Owner)Commented:
No. I just took a random DMP (from here) and opened it with UltraEdit in HEX mode. Folder names and Windows OS details but no personally identifiable information. Its purpose is to record crash details and not personal stuff.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
A memory dump could contain anything - it's whatever is in memory.  Have notepad open with a list of users?  Excel?  On a web page with your product key displayed?  Full and Mini dumps vary but unless you're an expert debugger that's looked at thousands of dumps, I wouldn't be making conclusive statements about what is and is not in a dump.
1
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Gary PattersonVP Technology / Senior Consultant Commented:
I agree with Lee W:  

Dump can contain virtually anything, depending on what programs are in use at the time, or were recently in use.  

In forensic exam of systems, I've seen user IDs, passwords, URLs, hashed passwords, user names, social security numbers, company names, HIPAA-PHI, PCI-PII, encoded strings - all sorts of confidential information (CI).  Dump can also contain images and partial images containing CI, documents and partial documents containing CI, and more - much of which is binary data that would not be evident on casual inspection in an editor, but is easily recoverable using appropriate tools.

It is never safe to provide a dump like this from a production system that contains CI to an un-trusted 3rd party.  Either engage a trusted 3rd party, or reproduce the problem on a "clean" machine that doesn't contain real data and submit that "clean" dump to the untrusted vendor.
0
JohnBusiness Consultant (Owner)Commented:
While I agree it is possible:

(a) I have not seen any looking at several posted DMP files.
(b) It would be remarkably hard to find because the data is using all 8 bits of a byte meaning a HEX editor cannot make any sense out of it.

People post DMP files here all the time for years and I have not seen any outcome from that.
0
Gary PattersonVP Technology / Senior Consultant Commented:
@John Hurst:  You might find some of these tools interesting:  http://www.forensicswiki.org/wiki/Tools:Memory_Analysis
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.