hiberfil.sys in windows 10


Post Posted: Fri Mar 17, 2017 11:37 am

Hello everybody. I'm investigating a case of illegal intrusion into a computer. The important data I found is in the hiberfil.sys file. However, this file stores data from 2015, although Windows was installed in 2016. Has anyone dealt with a similar situation? How can you explain data from 2015 being recorded in a file created in 2016?
I will be grateful for any help.  

tito
Member
 
 
  

Re: hiberfil.sys in windows 10

Post Posted: Fri Mar 17, 2017 2:57 pm

hibernate could have been disabled by "powercfg /h off" for example.

best regards,
Robin  

Bunnysniper
Senior Member
 
 
  

Re: hiberfil.sys in windows 10

Post Posted: Fri Mar 17, 2017 4:11 pm

First, a few questions come to mind:
How did you find the target file (how was hiberfil.sys analyzed)?
Is this an upgraded OS (was there a previous OS)?
What do you mean by "record of data"?
What have you analyzed to get this 2015 timestamp?
_________________
Joakim Schicht

github.com/jschicht 

joakims
Senior Member
 
 
  

Re: hiberfil.sys in windows 10

Post Posted: Sat Mar 18, 2017 2:25 pm

- Bunnysniper
hibernate could have been disabled by "powercfg /h off" for example.

best regards,
Robin

Tito, forget it. I did not read it carefully enough; I wrote rubbish. Currently no idea why the hiberfil.sys has a timestamp older than the OS itself.

Bunnysniper
Senior Member
 
 
  

Re: hiberfil.sys in windows 10

Post Posted: Sat Mar 18, 2017 3:41 pm

@tito: What if the BIOS/UEFI or the OS date/time was set back manually? :)
_________________
Passcodeunlock - mobile/tablet screen unlocking
passcodeunlock.com 

passcodeunlock
Senior Member
 
 
  

Re: hiberfil.sys in windows 10

Post Posted: Sun Mar 19, 2017 1:43 am

- tito
Windows was installed in 2016


Fresh install over an older one?  

MDCR
Senior Member
 
 
  

Re: hiberfil.sys in windows 10

Post Posted: Mon Mar 20, 2017 7:07 am

Hey. First of all, I want to thank you for your answers, thank you!
1. The data was found by keywords.
2. The operating system was not updated; the new one was installed over the old one.
3. I analyzed the data that is contained in the hiberfil.sys file. Various records were detected. Among them, for example, is an update of the Chrome browser, and there are timestamps from 2015.
In addition, there are ways to save files. A user name is specified there that is not present in the current system.

tito
Member
 
 

Page 1 of 2