The #hibernation file (hiberfil.sys) is the file used by default by #Microsoft #Windows to save the machine’s state as part of the hibernation process. #dfir #cybersecurity #volatility
Category: Dfir
How to mount a Azure’s VHD disk image on Linux
I just recently to perform a forensic analysis on a compromised Microsoft Azure VM, and I’d like to share a couple of useful tips.
How to extract forensic artifacts from pagefile.sys?
Microsoft Windows uses a paging file, called pagefile.sys, to store page-size blocks of memory that do not current fit into physical memory. This file, stored in %SystemDrive%\pagefile.sys is a hidden system file and it can never be read or accessed by a user, including Administrator.
Permanently delete files in Windows using built-in utilities
A good wiping tool is available in all Windows systems since Windows 2000
How to analyze a VMware memory image with Volatility
A very brief post, just a reminder about a very useful volatility feature.