from windows 10, memory has been partially compressed. Memory can be decompressed using then analysed using Av scanners or the below methods. This is normally fairly fruitful, and can extract 150% more memory
Strings
-t d #print decimel offset
-e l #extract Unicode
-<num> #only strings >= num
# execute the following:
strings -a -t d [MEM/PROC] > strings.txt
strings -a -t d -e l [MEM/PROC] >> strings.txt
sort strings.txt > sorted_strings.txt
Bstrings
--lr [ipv4] # search for regex
--ls # search for string
--fs <filename> # list of strings
-m <num> # strings that match a certain len or above
bstrings -f file -m 8
bstrings -f file --ls search_term
bstrings -f file --lr ipv4
Grep
-r # reccurse
-n # line number
-w # word
-i # ignore case
-B <num> # show number of lines before
-A <num> # show number of lines after
-f <file> # list of strings
-v # exclude from search
-o # show only matching output
grep -rni mimikatz -i ./mem_folder