On this mailing list there was some discussion about hibernation files
with the first page (0x1000 bytes) zeroed out. The SVN version of hibinfo
converts one of these "inactive" hibernation files into a raw dd-type
image. But that seems to be all the support it currently has.
As an experiment, we changed is_hiberfil() to always return True and ran
the Volatility commands on an inactive hibernation file. They all appear
to run successfully.
So this leads to a few questions:
1) Was that just a fluke of the file we used that the Volatility commands
worked?
2) Are there any plans to identify/support hibernation files with the
first page zeroed out?
3) Can we assume that a file with the first 0x1000 bytes zeroed out is a
hibernation file?
4) If the answer to (2) is 'no' and the answer to (3) is 'yes', where
can we submit a patch?
Thanks
-matthew
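
On question (3), as an added example that is not part of the original message and not Volatility or hibinfo code: a zeroed first page on its own does not separate an inactive hibernation file from any other file that starts with 0x1000 zero bytes, so this sketch pairs that test with a search for the "\x81\x81xpress" signature that begins compressed Xpress blocks in Windows hibernation files. The function names, the scan limit and the sample byte strings are assumptions constructed for illustration.

```python
import io

PAGE_SIZE = 0x1000                # size of the zeroed first page, per the message
XPRESS_MAGIC = b"\x81\x81xpress"  # signature at the start of a compressed Xpress block

def classify_image(stream, scan_limit=16 * 1024 * 1024):
    """Return 'not-zeroed', 'zeroed-only' or 'zeroed+xpress' for a file-like object.

    scan_limit (an assumed default) bounds how far past the first page we search.
    """
    first = stream.read(PAGE_SIZE)
    if len(first) < PAGE_SIZE or first.count(0) != PAGE_SIZE:
        return "not-zeroed"
    # Read in chunks and keep a short overlap so a signature that
    # straddles two reads is still found.
    overlap = len(XPRESS_MAGIC) - 1
    tail = b""
    scanned = 0
    while scanned < scan_limit:
        chunk = stream.read(min(1 << 20, scan_limit - scanned))
        if not chunk:
            break
        if XPRESS_MAGIC in tail + chunk:
            return "zeroed+xpress"
        tail = (tail + chunk)[-overlap:]
        scanned += len(chunk)
    return "zeroed-only"

def constructed_samples():
    """Constructed byte strings, not real hibernation data."""
    zero_page = bytes(PAGE_SIZE)
    return {
        # zeroed first page followed later by an Xpress block signature
        "inactive_hiber": zero_page + bytes(2 * PAGE_SIZE) + XPRESS_MAGIC + bytes(24),
        # zeroed first page, but no Xpress block anywhere after it
        "zero_led_blob": zero_page + b"\x41" * PAGE_SIZE,
        # non-zero first page (placeholder header bytes)
        "nonzero_header": b"HDR!" + bytes(PAGE_SIZE - 4) + XPRESS_MAGIC,
    }

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(name, classify_image(io.BytesIO(data)))
```

A "zeroed+xpress" result is a heuristic hint that the file is worth feeding to the hibernation address space, not proof that it will parse.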