Volatility Notes

From Simson Garfinkel
Jump to navigation Jump to search

To decompress a windows hibernation file using volatility, the syntax is:

 $ volatility hibinfo -f hiberfil.sys -d hiberfil.sys.decomp