Hello all,

 

I have posted this twice because the decompression issue should be moved to vol-dev as Aaron suggested.

 

yesterday Andreas did provide a hiberfil.sys for decompression testing. Thanks a lot again.

I have processed it twice with X-Ways-Forensics 15.3 SR3 and Volatility (SVN-release).

The good news: Both result files are identical.

The bad news: I don’t have any clue why the decompression of my case relevant hiberfil.sys did not properly work with volatility but did with XWF.

 

If anyone other needs a hiberfil.sys decompressed with XWF for testing, do not hesitate to ask me. We have the most recent releases here. (I am back on the 29^th of July)

 

I did compare the vol and the XWF-version of my case files but I can’t interpret or explain the differences. What should I look for?

 

BR

 

Michael

 

Michael Felber, StA

Finanzamt Chemnitz-Süd

Steuerfahndung

IT-Forensik

Paul-Bertz-Str. 1

D-09120 Chemnitz

Germany

 

Fon:      +49 371 279 446

Fax.      +49 371 279 421