Tool Enables Instant Decryption of TrueCrypt and BitLocker by Analyzing Hibernation File
A sleep feature in Microsoft Windows may significantly reduce security of full disk encryption, Passware warned today. The Mountain View, California based company claims that the latest version of its Passware Kit makes instant decryption for powered-off computers possible by analyzing a hibernation file which is automatically created when a system enters hibernation. This file (hiberfil.sys) often contains data that may breach computer security, the company says.
If a computer with a mounted TrueCrypt or BitLocker To Go hard disk has hibernated at least once, Passware Kit will instantly decrypt the hard disk even if the computer is no longer running. If the target computer is running, the company’s Passware Kit Forensic 10.3 can decrypt hard disks encrypted with BitLocker or TrueCrypt in a matter of minutes the company claims.
“The complexity of IT security is not limited to anti-malware, anti-virus, phishing and other actions, but extends to behaviors that exploit little known flaws in operating systems,” said Dmitry Sumin, president of Passware, Inc.
“This latest version of Passware Kit is the absolute definitive tool for investigators. With the ability to extract encryption keys from a Hiberfil.sys file, there really is nowhere for the bad guy to run,” Andy Malone, CEO and senior technology of quality training (UK) Ltd.
In September the company announced that its software was capable cracking of BitLocker To Go USB Disks, saying it can decrypt “BitLocker To Go” thumb drives in less than 20 minutes.
Hibernation captures everything in memory (RAM) and writes it to your hard disk as the hiberfil.sys file. If you have 1GB of memory, the hiberfil.sys will be about 1GB. Want to delete hiberfil.sys or disable hibernation? Microsoft has some resources here and here that may help.

More from SecurityWeek News
- Threat Hunting Summit Virtual Event NOW LIVE
- Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone
- Threat Modeling Firm IriusRisk Raises $29 Million
- SentinelOne Announces $100 Million Venture Fund
- Today: 2022 CISO Forum Virtual Event
- Cymulate Closes $70M Series D Funding Round
- SecurityWeek to Host CISO Forum Virtually September 13-14, 2022: Registration is Open
- Privilege Escalation Flaw Haunts VMware Tools
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
