hiberfil.sys ---hibernation security risk

Discussion in 'other software & services' started by LockBox, Apr 2, 2006.

Thread Status:
Not open for further replies.
  1. LockBox, Registered Member (Joined: Nov 20, 2004; Posts: 2,275; Location: Here, There and Everywhere)

    In Windows XP, when a laptop is put into hibernation mode, everything in RAM is placed in a single file called hiberfil.sys. I just recently learned that all files (including encrypted files, containers, volumes, etc. that are open) are saved as plain text in the hiberfil.sys file when a PC goes into hibernation. This can be an obvious security problem for many.

    I have read the only way to delete the hiberfil.sys file is to disable hibernation, reboot, and the file is gone. You can then re-enable hibernation...repeat as necessary. Does anybody here know of a way to "erase" the file without the disable/enable routine? Even zeroing out the file would be fine since hibernation obviously depends on the file being present.

    Thanks in advance for any info.


    -
    search tags/strings: "delete hibernation files", "delete hiberfil.sys", "safely deleting hiberfil.sys"
     
  2. Rmus, Exploit Analyst (Joined: Mar 16, 2005; Posts: 3,943; Location: California)

    Last edited: Apr 2, 2006