Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to examine hiberfil.sys

Posted on 2009-05-12
8
Medium Priority
?
940 Views
Last Modified: 2012-05-06
I have had an issue booting by system vista x64 from hibernation, it appears to go through the process of restoring the hibernation status but does not restore and starts a new session,
I had a not pad file open but not savaed the contents how can examine the hiberfil.sys in order to recover my notes.
0
Comment
Question by:bourneisp_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 24369657
I don't think you're going to do it.  This is not a common practice.  The time and expense to get it done would probably be far more costly then reconstructing notes.

In short, I expect you'd need to use a byte level editor like WinHex and scan through it for text.  Good luck... it will be like finding a needle in a hay stack.
0
 
LVL 11

Expert Comment

by:kyodai
ID: 24369681
Well what leew said is somehow right. If you have the file just open it in some hex editor and enter a word or phrase you remember in the search dialog. However - as the hex editor does this for you you just need to wait for a minute and cross thumbs. I don't see why you shouldn#t give it a try. I use HxD as a hex editor which also works quite well for such large files.
0
 

Author Comment

by:bourneisp_
ID: 24369733
what about forceing windows to load the hiberfil.sys state.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 24369735
"somehow right"?  Strange, considering I don't have much experience...   8-)
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 750 total points
ID: 24369749
If you don't make a backup of it first, you could lose ALL chance of recovery.  Then (after the backup) I would hibernate the system so it knows it should resume again and then boot the system to a boot CD and replace the existing hiberfil.sys file with the one that wouldn't load.  But it's possible it's corrupt too... and simply won't load.

NOte: to make the backup, you may need to shutdown (not hibernate, boot to a boot CD and make the backup, since the file may well be locked while booted into windows).
0
 

Author Comment

by:bourneisp_
ID: 24369970
from what i can see it looks like when it has booted up it has created a new hiberfil.sys file at the created date and time if of my last boot up rather that the last time it was saved :(
0
 
LVL 11

Assisted Solution

by:kyodai
kyodai earned 750 total points
ID: 24370413
Yes if you have not saved that file it is unfortunately lost forever. As windows just overwrites the file you would need extended forensics to even have a remote chance of ever getting that content again. Sorry to say that, wish i could do more!
0
 

Author Closing Comment

by:bourneisp_
ID: 31580738
there was no solution to this as windows re-creates this file at start up
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question