Via securitybydefault [Spanish]

The linked blog post explains how to fetch the SAM and System files from a Windows computer without shutting down the system.

Since both files are locked by other processes, they cannot be read. Therefore, the standard procedure would be shutting down Windows and running a live distribution to obtain a copy.

The article points to a talk given by Tim Tomes and Mark Bagget in Hack3rcon II, where they introduce a script they wrote to extract the files  by creating Shadow Copies.