Hiberfil.sys

17 Posts
6 Users
0 Reactions
1,654 Views
(@holden)
Active Member
Joined: 16 years ago
Posts: 9
Topic starter  

I am doing a final-year project on hiberfil.sys. I am kind of struggling with the write-up. Are there any tips that you guys can give me?

I would really appreciate it.

Thank You


keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

I am doing a final-year project on hiberfil.sys. I am kind of struggling with the write-up. Are there any tips that you guys can give me?

Could you give us a little bit of an idea of what you're trying to do?


(@holden)
Active Member
Joined: 16 years ago
Posts: 9
Topic starter  

Well, I am going to look at a machine after the user has put it into hibernation. My aim is to look at a hiberfil.sys as if I am doing a forensic investigation, trying to look at what the user has been on, i.e. websites, images, etc.


keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

If you're going to try parsing the hiberfil.sys, look at Volatility, particularly if the file is from an XP system.


(@holden)
Active Member
Joined: 16 years ago
Posts: 9
Topic starter  

I will do. Thanks for that.


(@holden)
Active Member
Joined: 16 years ago
Posts: 9
Topic starter  

I have just looked up parsing, but I really don't understand how exactly parsing works. Could you please give me more information regarding parsing?


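An added illustration of what "parsing" means for this particular file, written for this thread and not code from any of the replies above: a hiberfil.sys starts with a small header whose first four bytes record whether the image is still active or has already been resumed, and the saved memory behind it is stored as Xpress-compressed blocks, which is why tools such as Volatility decompress before looking for anything. The sample bytes are constructed to stand in for a real file.

```python
import re

# Signatures found in the first 4 bytes of hiberfil.sys (the PO_MEMORY_IMAGE header).
# Lowercase forms are used by Windows XP through 7, uppercase by Windows 8 and later.
HEADER_STATES = {
    b"hibr": "active: written at hibernation and not yet consumed by a resume",
    b"HIBR": "active: written at hibernation and not yet consumed by a resume",
    b"wake": "resumed: Windows has already restored this image",
    b"WAKE": "resumed: Windows has already restored this image",
}

# Every block of saved physical memory is Xpress (LZ77-style) compressed and
# starts with this 8-byte marker, followed by a block header and compressed data.
XPRESS_MARKER = b"\x81\x81xpress"


def classify_header(data: bytes) -> str:
    """Describe the hibernation state recorded in the file's first page."""
    sig = data[:4]
    if sig in HEADER_STATES:
        return HEADER_STATES[sig]
    if sig == b"\x00\x00\x00\x00":
        return "zeroed: header page wiped, commonly seen after a resume on newer Windows"
    return "unknown: signature %r, not a recognised hibernation file" % sig


def xpress_block_offsets(data: bytes) -> list:
    """Return the file offsets of every Xpress-compressed block marker."""
    return [m.start() for m in re.finditer(re.escape(XPRESS_MARKER), data)]


def triage(data: bytes) -> dict:
    """Minimal summary an analyst wants before handing the file to a full parser."""
    offsets = xpress_block_offsets(data)
    return {"state": classify_header(data),
            "xpress_blocks": len(offsets),
            "first_block_offset": offsets[0] if offsets else None}


# Constructed sample standing in for a real hiberfil.sys: an "active" header
# page (4096 bytes) followed by three fake compressed blocks of 132 bytes each.
FAKE_BLOCK = XPRESS_MARKER + b"\x00" * 24 + b"\xaa" * 100
SAMPLE_HIBERFIL = b"hibr" + b"\x00" * 4092 + FAKE_BLOCK * 3

if __name__ == "__main__":
    print(triage(SAMPLE_HIBERFIL))
```

Strings and carving tools run on the raw file only see whatever happens to sit uncompressed, so a zeroed or "wake" header plus a count of compressed blocks tells you up front how much a raw carve can be expected to miss.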
erowe
(@erowe)
Estimable Member
Joined: 18 years ago
Posts: 144
 

I've run NetAnalysis and IEF (Jadsoftware.com) against memory dumps with interesting results. (Just in a test environment however.)

You might want to try them against hiberfil.sys and see what they carve out. If you can, try some chats, web browsing, and gmail activity on your PC before you sample the file so that they have something to find.

Importing hiberfil into FTK and asking it to carve and add the carved files to the case might also be interesting. FTK will also pull out credit card numbers, telephone numbers, and other interesting things. Running EnCase EnScripts against it should too, I imagine.

I'd be interested in reading your paper once you are done and seeing what you come up with.


(@holden)
Active Member
Joined: 16 years ago
Posts: 9
Topic starter  

Hey, thanks a lot for those tips.

I will be trying the things out that you have suggested.

I will try and put the paper on here for others to read.


(@holden)
Active Member
Joined: 16 years ago
Posts: 9
Topic starter  

Can anybody give me any tips on how I can write a paper on hiberfil.sys being used in forensic investigation?


binarybod
(@binarybod)
Reputable Member
Joined: 17 years ago
Posts: 272
 

Try this

http://tinyurl.com/yjwfo5s


Page 1 / 2