How can the SAM file or the contents of the SAM file be collected for offline attacks? Choose all that apply.
3. Mounting the Windows OS in an alternative OS such as Linux and accessing the SAM file
1. Browsing to %SystemRoot%/system32/config/ and copying the SAM file
4. Using the Locksmith Wizard in the Microsoft Diagnostics and Recovery Toolset (DaRT), part of the Microsoft Desktop Optimization Pack
2. using tools to dump the contents of SAM from memory
You cannot simply browse to the SAM folder and copy the file while the OS is running. The Windows kernel obtains and keeps an exclusive filesystem lock on the SAM file, and will not release that lock until the operating system has shut down or a "Blue Screen of Death" exception has been thrown. Tools do exist to dump the contents from older versions of Windows. The easiest method to obtain the contents is to boot into another OS and dump the contents into something like Ophcrack. Locksmith is used to reset the password of a local account.
Edit: I doubt "using tools to dump the contents of SAM from memory" is correct in this question because this is an offline attack, which means SAM is not in memory, right? ANSWER: By offline attacks, they are referring to attacking the SAM file 'offline' to try to get the passwords from the hashes.
Edit: Since it's an offline attack, dump from memory is not possible, but picking up a copy from the filesystem should be.
Edit: The answer "Browsing to %SystemRoot%/system32/config/ and copying the SAM file" is not correct! Using %SystemRoot% suggests that you are trying to copy a file in online mode. Windows (as noted in the explanation above) will not allow that, because the file is locked (even for an admin with elevated rights). Also, the answer "using tools to dump the contents of SAM from memory" is true. Examples of tools you can use are DumpIt (to dump memory) and Volatility (to dump SAM content). References: https://www.aldeid.com/wiki/Dumpit, https://www.aldeid.com/wiki/Volatility/Retrieve-password. According to this explanation, updating correct answers.