Volatility Notes

From Simson Garfinkel
Jump to: navigation, search

To decompress a windows hibernation file using volatility, the syntax is: 

 $ volatility hibinfo -f hiberfil.sys -d hiberfil.sys.decomp
Retrieved from "http://simson.net/wiki/index.php?title=Volatility_Notes&oldid=688"
Personal tools
Namespaces
Variants
Actions
Pages
NPS
Special
Contact
Toolbox