The hibernation file (hiberfil.sys) is the file used by default by Microsoft Windows to save the machine’s state as part of the hibernation process.
A very brief post, just a reminder about a very useful Volatility feature.
Often, during an incident response, it may be necessary to analyze a lot of evidence, such as disk and memory dumps.
Recently I’ve published this post focused on hunting malware using Volatility and YARA rules.
Spoiler: shame on DumpIT!