Domain cached credentials

Operating systems based on the Windows NT series can cache (store) user logon information on users that enter the domain. This feature is designed to bypass the authorization procedure after the server has been unavailable for one reason or another. Additional information is available at:

Cached Logon Information

Microsoft Windows XP - Logging On Using Domain Credentials

Along with the general information on a domain user, which includes the actual user information, domain information, and general information (the DCC common record structure will be covered below), DCC contains the user's password hash.

Though these caches are 'stronger' than ones stored in SAM, PSPR is able to recover plaintext passwords from them, too (using dictionary and brute-force attacks).

If you need faster recovery of DCC passwords, have a look at Elcomsoft Distributed Password Recovery project.

Note: this feature has not been tested on Windows Vista yet.