Solved

How to examine hiberfil.sys

Posted on 2009-05-12
8
921 Views
Last Modified: 2012-05-06
I have had an issue booting by system vista x64 from hibernation, it appears to go through the process of restoring the hibernation status but does not restore and starts a new session,
I had a not pad file open but not savaed the contents how can examine the hiberfil.sys in order to recover my notes.
0
Comment
Question by:bourneisp_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 24369657
I don't think you're going to do it.  This is not a common practice.  The time and expense to get it done would probably be far more costly then reconstructing notes.

In short, I expect you'd need to use a byte level editor like WinHex and scan through it for text.  Good luck... it will be like finding a needle in a hay stack.
0
 
LVL 11

Expert Comment

by:kyodai
ID: 24369681
Well what leew said is somehow right. If you have the file just open it in some hex editor and enter a word or phrase you remember in the search dialog. However - as the hex editor does this for you you just need to wait for a minute and cross thumbs. I don't see why you shouldn#t give it a try. I use HxD as a hex editor which also works quite well for such large files.
0
 

Author Comment

by:bourneisp_
ID: 24369733
what about forceing windows to load the hiberfil.sys state.
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 24369735
"somehow right"?  Strange, considering I don't have much experience...   8-)
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 24369749
If you don't make a backup of it first, you could lose ALL chance of recovery.  Then (after the backup) I would hibernate the system so it knows it should resume again and then boot the system to a boot CD and replace the existing hiberfil.sys file with the one that wouldn't load.  But it's possible it's corrupt too... and simply won't load.

NOte: to make the backup, you may need to shutdown (not hibernate, boot to a boot CD and make the backup, since the file may well be locked while booted into windows).
0
 

Author Comment

by:bourneisp_
ID: 24369970
from what i can see it looks like when it has booted up it has created a new hiberfil.sys file at the created date and time if of my last boot up rather that the last time it was saved :(
0
 
LVL 11

Assisted Solution

by:kyodai
kyodai earned 250 total points
ID: 24370413
Yes if you have not saved that file it is unfortunately lost forever. As windows just overwrites the file you would need extended forensics to even have a remote chance of ever getting that content again. Sorry to say that, wish i could do more!
0
 

Author Closing Comment

by:bourneisp_
ID: 31580738
there was no solution to this as windows re-creates this file at start up
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
Configuring Remote Assistance for use with SCCM
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question