HIBERNATION RECON

HIBERNATION Recon

 

 

Look Back in Time

 

Advanced Microsoft Windows® Hibernation Forensics

 

The exploitation of Windows hibernation files to “look back in time” and uncover compelling evidence is crucial to digital forensics practitioners. Hibernation Recon not only supports active memory reconstruction from Windows XP, Vista, 7, 8/8.1, 10, and 11 hibernation files, but also extracts massive volumes of information from the multiple types (and levels) of slack space that may exist within them. Additional features of Hibernation Recon include the automatic recovery of valuable NTFS metadata and parallel processing of multiple hibernation files. Digital forensics practitioners cannot afford to analyze electronic evidence without extracting maximum value from Windows hibernation files.

 

Hibernation Recon Features

 

Hibernation Recon includes both free (Free Mode) and paid (Professional Mode) features.

 

Features

 

  • Windows XP, Vista, 7, 8/8.1, 10, and 11 hibernation file support (Free Mode)
  • Active memory reconstruction (Free Mode)
  • Extraction of multiple types (and levels) of slack space (Professional Mode)
  • Brute force decompression of partially overwritten slack (Professional Mode)
  • Proper handling of legacy within modern hibernation data (Professional Mode)
  • Segregation of extracted slack based on particular hibernations (Professional Mode)
  • Ability to distinguish legacy hibernation data from previous Windows installations (Professional Mode)
  • Automatic recovery of valuable NTFS metadata (Professional Mode)
  • Parallel processing of multiple hibernation files (Professional Mode)

 

Related Posts

SuperWiper Desktop 12 NVMe ports PCIE4.0 Multiple NVMe SSD Data Erase Unit

April 8, 2024

SuperWiper 8” T4 SAS/SATA and USB3.2 Portable Data Erase Unit – Erase 13 Storage Devices

April 8, 2024

SuperWiper 8″ 4 SAS/SATA and 8 USB3.2 Ports Portable Economic Eraser Unit – Erase 12 Storage Devices

April 8, 2024