The user passwords are stored in a hashed format in a registry hive either as a LM hash or as a NTLM hash. This file can be found in %SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM.
%SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM.
The use of dd
Cloning a partition
From physical disk /dev/sda, partition 1, to physical disk /dev/sdb, partition 1.
# dd if=/dev/sda1 of=/dev/sdb1 bs=64K conv=noerror,sync
Warning: If output file of= (sdb1 in the example) does not exist, dd will create a file with this name and will start filling up your root file system!
Cloning an entire hard disk
From physical disk /dev/sdX to physical disk /dev/sdY
# dd if=/dev/sdX of=/dev/sdY bs=64K conv=noerror,sync