X-Ways Forensics Beta 2 and hibernation file. (coincidence?)

Posted by Matthieu Suiche on Thursday, April 3, 2008 · 1 Comment

X-Ways (WinHex editor) Forensics Beta 2 now includes hibernation file(hiberfil.sys) support for Windows XP 32-bit only. Please notice, Sandman library/framework is an open-source project under GNU General Public License v3 to read and write the hibernation file released 2 months ago…

Posted on Friday, Mar 28, 2008 – 1:05:
* Ability to decompress Windows XP 32-bit hiberfil.sys files, whether
active or inactive, to get a dump of physical memory with all in-use
pages from a previous point of time when the computer entered into
hibernation, as well as individually carved xpress chunks from
hiberfil.sys files, including xpress chunks located in the “slack” of
hiberfil.sys that are even older. This feature is available in Edit |
Convert. (forensic license only)

(PS: I’m not beta-tester)
Source.

Filed under Forensics, Windows · Tagged with

About Matthieu Suiche

Comments

One Response to “X-Ways Forensics Beta 2 and hibernation file. (coincidence?)”

Trackbacks

Check out what others are saying about this post...

computer-forensik.org says:

April 19, 2008 at 2:28 pm

X-Ways Forensics: Update 14.9…

Mit der Veröffentlichung von X-Ways Forensics in der Version 14.9 wurde nun die Möglichkeit geschaffen, hibernation-Dateien (Ruhezustand) forensisch zu analysieren. Der Autor der dafür ebenfalls verwendbaren frei verfügbaren Bibliothek “Sandm…

M	T	W	T	F	S	S
« Mar				May »
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Matthieu Suiche's blog

X-Ways Forensics Beta 2 and hibernation file. (coincidence?)

Comments

Trackbacks

Keep connected

Recent Posts

Categories

Archives

Blogroll

Calendar

Search

Pages