How do you locate the correct Master Key file for offline Chrome password extraction?

Master Key files are stored in `%APPDATA%\Microsoft\Protect\%SID%`. If multiple files exist, the system uses a `Preferred` file that contains the GUID and creation time of the latest Master Key. You can read the first 16 bytes of the `Preferred` file to identify the correct Master Key file. Tools like Windows Password Recovery can then use this file along with the user's login password to decrypt the DPAPI blob. This method is detailed in Penetration Techniques - Offline Export of Passwords Saved in Chrome Browser.