Memory analysis on Windows 10 is quite different from previous Windows versions: a new feature, called Memory Compression, makes it necessary to use a forensic tool able to read compressed memory pages.
The #hibernation file (hiberfil.sys) is the file used by default by #Microsoft #Windows to save the machine’s state as part of the hibernation process. #dfir #cybersecurity #volatility
A very brief post, just a reminder about a very useful Volatility feature.
Often, during an incident response, it may be necessary to analyze a lot of evidence, such as disk and memory dumps.
Recently I've published this post focused on hunting malware using Volatility and YARA rules.