hiberfil.sys ---hibernation security risk

Discussion in 'other software & services' started by LockBox, Apr 2, 2006.

Thread Status:
Not open for further replies.
  1. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,294
    Location:
    Here, There and Everywhere
    In Windows XP, when a laptop is put into hibernation mode, everything in RAM is placed in a single file called hiberfil.sys. I just recently learned that all files, (Including encrypted files, containers, volumes, etc. that are open) when a PC goes into hibernation are saved as plain text in the hiberfil.sys file. This can be an obvious security problem for many.

    I have read the only way to delete the hiberfil.sys file is to disable hibernation, reboot, and the file is gone. You can then re-enable hibernation...repeat as necessary. Does anybody here know of a way to "erase" the file without the disable/enable routine? Even zeroing out the file would be fine since hibernation obviously depends on the file being present.

    Thanks in advance for any info.


    -
    search tags/strings: "delete hibernation files", "delete hiberfil.sys", "safely deleting hiberfil.sys"
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Last edited: Apr 2, 2006
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.