Via securitybydefault [Spanish]
The linked blog post explains how to fetch the SAM and System files from a Windows computer without shutting down the system.
Since both files are locked by other processes, they cannot be read. Therefore, the standard procedure would be shutting down Windows and running a live distribution to obtain a copy.
The article points to a talk given by Tim Tomes and Mark Bagget in Hack3rcon II, where they introduce a script they wrote to extract the files by creating Shadow Copies.