Thanks For That :)
Please take a look at the work done by Matthieu Suiche, particularly
As Harlan has already indicated, much of his code has been included in the Volatility framework.
Just because a hiberfil appears to be inactive, this does not mean it cannot be parsed. Thanks to moyix for his contribution towards Volatility.
Try this
http://tinyurl.com/yjwfo5s
lol
Thanks a lot for your help :)
Can anybody please tell me which programme I need to open up a hiberfil.sys file? Because apparently I tried opening it with Notepad and nothing came up. So is there any specific software that I need to download to open up the file?
This has already been answered at least twice in this thread…at this point, I'm not sure what else can be said…
holden,
Your query is a huge task and no-one wants to take it on as they would potentially be doing your work for you.
Whilst my original posting was a bit tongue-in-cheek the underlying message was that you will have to do this work yourself. Some people might be able to reverse engineer parts of this file but I doubt that even Microsoft Engineers will be able to identify all the artefacts in all hiberfil.sys files.
I don't know what course you are studying but trying to open hiberfil.sys with Notepad is pretty poor to be honest. If you need to be pointed towards hex editors and the Volatility framework in order to start your work and you are then still asking for help, then I'm afraid you might find reverse engineering the contents of this file a bit much to be perfectly frank.
Paul