Some months later, an alpha version formally called 1.0.080226, of Sandman Framework has been released as an open source project. — you can find the current version here. Please consider, as Volatility Team has kindly reminded SandMan is a GPL3 project then don’t imitate Vendor “X” which don’t even waited a final version of SandMan to violate the GPL and then implemented a bugged version into his commercial products :).
Anyway, at the upcoming Black Hat Vegas 2008, I’m going to give a talk entitled “Windows hibernation file for fun and profit“. This talk aims to discuss about both forensics and offensics uses through the hibernation file (hiberfil.sys) with SandMan.
For your information, Alex is also giving a talk at BH called “Of Pointers and Handles A Story of Unchecked Assumptions in the Windows Kernel”.
You can take a look at the full schedule here.