The purpose of this capstone project was to research the hibernation file, its role in memory forensics and to explore current technology, techniques and concepts for analysis. This study includes an in-depth look at the Windows hibernation feature, file format, potential evidence saved to the file and its impacts in digital forensic investigations. This research was performed to demonstrate the importance of the hibernation file and to generate awareness for this forensic artifact. The research questions presented were designed to identify the properties of Windows hibernation and its significance in digital forensics. Additionally, these research questions were aimed at identifying the important concepts analysts should understand in selecting forensic software and in hibernation analysis. Through the literature review process, the hibernation file was identified as an essential part of digital forensics which provides analysts with snapshots of system memory from various points in the past. This data includes web, email and chat sessions in addition to running processes, login credentials, encryption keys, program data and much more. Beyond forensics, the hibernation file is useful in the fields of data recovery and incident response. A review of current hibernation file publications revealed incomplete and conflicting works culminating in the acknowledgment that more research is needed in order to close these research gaps. More awareness for hibernation forensics through its inclusion in future published works and in computer forensic educational courses is recommended. These inclusions will assist to arm practitioners with the ability to accurately utilize the hibernation file in order to obtain the highest quality forensic evidence.
Keywords: Cybersecurity, hiberfil.sys, hybrid sleep, malware, slack space, Albert Orbinati.
Some files may require a special program or browser plug-in. More Information
|Advisor:||Orbinati, Albert, McCandlish, Vernon|
|School Location:||United States -- New York|
|Source:||MAI 54/04M(E), Masters Abstracts International|
|Subjects:||Information Technology, Computer science|
|Keywords:||Encryption, Forensics, Hiberfil.sys, Hibernation, Hybrid sleep, Malware|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be