What are the differences between user-mode and kernel-mode dump files in password extraction?
User-mode dump files target a single process (like lsass.exe) and can be created with tools such as Procdump or the `MiniDumpWriteDump()` API; passwords are extracted by running mimikatz directly on the dump. Kernel-mode dump files contain information from all processes and are generated automatically on a system crash (BSOD). Extracting passwords from kernel-mode dumps requires WinDbg, proper symbol files, and the mimilib plugin. For user-mode dump extraction, see the related article "Penetration Techniques - Extracting Plaintext Credentials from Remote Desktop Client".
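For triage of dump files found on disk, the two kinds can be told apart from their headers. The following is an added example, not code from the original page: `classify_dump`, `first_module_name` and `build_sample` are hypothetical names, the sample file is constructed, and treating the first module-list entry as the dumped process's executable is an assumption.

```python
import struct

MDMP, MODULE_LIST_STREAM, MODULE_SIZE = b"MDMP", 4, 108

def classify_dump(data: bytes) -> dict:
    """Classify a dump by header magic; for minidumps, name the dumped image."""
    if data[:8] in (b"PAGEDU64", b"PAGEDUMP"):  # kernel-mode, e.g. MEMORY.DMP
        return {"kind": "kernel-mode", "bits": 64 if data[6:8] == b"64" else 32}
    if data[:4] != MDMP or len(data) < 32:
        return {"kind": "unknown"}
    # MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva, ...
    _, _, n_streams, dir_rva = struct.unpack_from("<4sIII", data, 0)
    result = {"kind": "user-mode", "streams": n_streams, "image": None}
    for i in range(n_streams):
        off = dir_rva + 12 * i  # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva
        if off + 12 > len(data):
            break  # truncated file: report what the header alone tells us
        stype, size, rva = struct.unpack_from("<III", data, off)
        if stype == MODULE_LIST_STREAM and size >= 4 + MODULE_SIZE:
            result["image"] = first_module_name(data, rva)
    return result

def first_module_name(data: bytes, rva: int):
    """Assumption: the first MINIDUMP_MODULE is the process's main executable."""
    try:
        # Skip the 4-byte module count; ModuleNameRva is at offset 20 of an entry.
        (name_rva,) = struct.unpack_from("<I", data, rva + 4 + 20)
        (nbytes,) = struct.unpack_from("<I", data, name_rva)  # MINIDUMP_STRING
        path = data[name_rva + 4 : name_rva + 4 + nbytes].decode("utf-16-le")
    except (struct.error, UnicodeDecodeError):
        return None
    return path.rsplit("\\", 1)[-1].lower()

def build_sample(path: str = r"C:\Windows\System32\lsass.exe") -> bytes:
    """Constructed minimal minidump: header, one directory entry, one module."""
    name = path.encode("utf-16-le")
    header = struct.pack("<4sIIIIIQ", MDMP, 0xA793, 1, 32, 0, 0, 0)
    directory = struct.pack("<III", MODULE_LIST_STREAM, 4 + MODULE_SIZE, 44)
    module = struct.pack("<QIIII", 0x7FF600000000, 0x10000, 0, 0, 156)
    module = module.ljust(MODULE_SIZE, b"\0")
    body = struct.pack("<I", 1) + module + struct.pack("<I", len(name)) + name
    return header + directory + body

if __name__ == "__main__":
    print(classify_dump(build_sample()))
```

A user-mode result whose `image` is `lsass.exe`, found outside a sanctioned debugging workflow, is worth escalating as possible credential-dumping residue.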