Package bkhive

Dump the syskey bootkey from a Windows system hive

http://ophcrack.sourceforge.net/

This tool is designed to recover the syskey bootkey from a Windows NT/2K/XP
system hive. Then we can decrypt the SAM file with the syskey and dump
password hashes.

Syskey is a Windows feature that adds an additional encryption layer to the
password hashes stored in the SAM database.

General Commands (Section 1)
bkhive
bkhive <system hive> <key file>