I am currently looking for cool & interesting university or college course. If you have any information, feel free to contact me..


03Apr

X-Ways Forensics Beta 2 and hibernation file. (coincidence?)

Blogging, Forensics, Windows

X-Ways (WinHex editor) Forensics Beta 2 now includes hibernation file(hiberfil.sys) support for Windows XP 32-bit only. Please notice, Sandman library/framework is an open-source project under GNU General Public License v3 to read and write the hibernation file released 2 months ago…

Posted on Friday, Mar 28, 2008 - 1:05:
* Ability to decompress Windows XP 32-bit hiberfil.sys files, whether
active or inactive, to get a dump of physical memory with all in-use
pages from a previous point of time when the computer entered into
hibernation, as well as individually carved xpress chunks from
hiberfil.sys files, including xpress chunks located in the “slack” of
hiberfil.sys that are even older. This feature is available in Edit |
Convert. (forensic license only)

(PS: I’m not beta-tester)
Source.

add comment

Thursday, April 3rd, 2008 at 1:16 pm and is filed under Blogging, Forensics, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “X-Ways Forensics Beta 2 and hibernation file. (coincidence?)”

  1. computer-forensik.org says: Posted on Saturday 19th April

    X-Ways Forensics: Update 14.9…

    Mit der Veröffentlichung von X-Ways Forensics in der Version 14.9 wurde nun die Möglichkeit geschaffen, hibernation-Dateien (Ruhezustand) forensisch zu analysieren. Der Autor der dafür ebenfalls verwendbaren frei verfügbaren Bibliothek “Sandm…

Leave us a comment