HIBERNATION RECON

HIBERNATION Recon

 

 

Look Back in Time

 

Advanced Microsoft Windows® Hibernation Forensics

 

The exploitation of Windows hibernation files to “look back in time” and uncover compelling evidence is crucial to digital forensics practitioners. Hibernation Recon not only supports active memory reconstruction from Windows XP, Vista, 7, 8/8.1, 10, and 11 hibernation files, but also extracts massive volumes of information from the multiple types (and levels) of slack space that may exist within them. Additional features of Hibernation Recon include the automatic recovery of valuable NTFS metadata and parallel processing of multiple hibernation files. Digital forensics practitioners cannot afford to analyze electronic evidence without extracting maximum value from Windows hibernation files.

 

Hibernation Recon Features

 

Hibernation Recon includes both free (Free Mode) and paid (Professional Mode) features.

 

Features

 

  • Windows XP, Vista, 7, 8/8.1, 10, and 11 hibernation file support (Free Mode)
  • Active memory reconstruction (Free Mode)
  • Extraction of multiple types (and levels) of slack space (Professional Mode)
  • Brute force decompression of partially overwritten slack (Professional Mode)
  • Proper handling of legacy within modern hibernation data (Professional Mode)
  • Segregation of extracted slack based on particular hibernations (Professional Mode)
  • Ability to distinguish legacy hibernation data from previous Windows installations (Professional Mode)
  • Automatic recovery of valuable NTFS metadata (Professional Mode)
  • Parallel processing of multiple hibernation files (Professional Mode)

 

Related Posts

LLIMAGER – User-Supplied USB SSD/HDD One Year Subscription

August 6, 2024

LLIMAGER on 2TB USB SSD Drive with One Year Subscription

August 6, 2024

1637L Air Laptop Case

July 12, 2024