When you start analyzing a Linux memory dump using Volatility, the first problem you may face is choosing the correct memory profile.
Memory analysis on Windows 10 is quite different from previous Windows versions: a new feature, called Memory Compression, makes it necessary to use a forensic tool able to read compressed memory pages.
The hibernation file (hiberfil.sys) is the file used by default by Microsoft Windows to save the machine's state as part of the hibernation process.
A very brief post, just a reminder about a very useful Volatility feature.
Often, during an incident response, it may be necessary to analyze a lot of evidence, such as disk and memory dumps.