Hi, I use windows hibernate a lot. One vulnerability of hibernate is that the contents of RAM get written to the hard drive in unencrypted form in a file called hiberfil.sys. This means that any unencrypted temporary files on the disk created by encryption software (like Axcrypt does) and encryption keys in RAM used to access these containers/files will be written to hiberfil.sys and can be extracted if a malicious party has physical access to the drive.
The temporary files created by Axcrypt I can deal with, simply closing Axcrypt before hibernating and/or ‘cleaning up’ Axcrypt before closing.
The issue of encryption keys in RAM is more problematic though. Thus, the question:
Does Axcrypt store encryption keys or log in details in RAM at any time while in use or while it is holding files open and in unencrypted form? If it does, these keys would be in plain text form and theoretically extractable from the hibernation snapshot so I need express confirmation either way.
Thanks.
