Live Forensics: Hibernation File

Lab Requirements


In this demo, we will explore different ways how to perform live forensics and acquire artifacts that can aid the investigator even though acquiring the memory image of the system is not feasible.

We will be tackling about a Windows source artifact that can even replace a full memory image of the system for analysis, called Hibernation File.