Tags: volatility forensic
Rating: 4.0
For this challenge, you need to find the flag that corresponds to the password hash of a user.
Based on the name of the challenge, you can guess that you need to use Volatility.
1. Confirm that the image is a Windows memory dump with the following command:
`$ vol.py -f ~/Downloads/insomni/image.mem windows.info`
2. Finally, use this command to retrieve the flag:
`$ vol.py -f ~/Downloads/insomni/image.mem windows.hashdump`
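To make the output of step 2 easier to read, the following added example (not part of the original writeup) parses `windows.hashdump` text output into per-account records and separates accounts that have a real NT hash from those showing the well-known empty-password placeholders. It assumes the tab-separated `User / rid / lmhash / nthash` layout of Volatility 3's default text renderer; the sample output and the hash for `alice` are constructed, not taken from the challenge image.

```python
import re

# Well-known placeholder values: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample output (assumed layout; not from the challenge image).
SAMPLE = """Volatility 3 Framework 2.5.0
Progress:  100.00\t\tPDB scanning finished
User\trid\tlmhash\tnthash

Administrator\t500\taad3b435b51404eeaad3b435b51404ee\t31d6cfe0d16ae931b73c59d7e0c089c0
Guest\t501\taad3b435b51404eeaad3b435b51404ee\t31d6cfe0d16ae931b73c59d7e0c089c0
alice\t1001\taad3b435b51404eeaad3b435b51404ee\t0123456789abcdef0123456789abcdef
"""


def parse_hashdump(text):
    """Return one dict per account row found in windows.hashdump text output."""
    accounts = []
    for line in text.splitlines():
        fields = line.rstrip().split("\t")
        # Banner, progress, header and blank lines are not 4-field rows with a numeric RID.
        if len(fields) != 4 or not fields[1].strip().isdigit():
            continue
        user, rid, lm, nt = (f.strip() for f in fields)
        lm, nt = lm.lower(), nt.lower()
        if not (HEX32.match(lm) and HEX32.match(nt)):
            continue  # truncated or corrupted row, e.g. from a damaged hive
        accounts.append({
            "user": user, "rid": int(rid), "lm": lm, "nt": nt,
            "lm_stored": lm != EMPTY_LM,   # a real LM hash is a weak legacy format
            "nt_is_empty": nt == EMPTY_NT,  # no password set (typical for disabled built-ins)
        })
    return accounts


def accounts_with_password(accounts):
    """Names of accounts whose NT hash is not the empty-password placeholder."""
    return [a["user"] for a in accounts if not a["nt_is_empty"]]


if __name__ == "__main__":
    for a in parse_hashdump(SAMPLE):
        print(a["user"], a["rid"], a["nt"], "(empty)" if a["nt_is_empty"] else "")
```
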
You also have to patch the volatility to handle the new memory layout, no?