Modern operating systems typically restrict access to critical or sensitive resources. For example, an internal database may not be intended for users to view or a resource may be currently in use. Such is the case when attempting to access the password databases maintained on systems running Microsoft Windows. When conducting a penetration test, circumvention techniques are usually required to extract a copy of such files because they are locked by the Windows kernel. It is recognized that the ability to acquire password hashes from a local system is not new. However, existing popular techniques present certain complications in an ethical penetration testing scenario.