When a Windows system hibernates (or enters a similar power saving mode), the contents of system memory is written to a file on the hard drive (in Windows XP this file is C:\hiberfil.sys). The temporary storage for each running program is stored unencrypted in RAM and, therefore, unencrypted on the hard drive during hibernation. Even when you are using programs such as PGP or TrueCrypt to encrypt disk volumes, files that are open and in use may be stored unencrypted during hibernation. So while it may not be possible for an intruder to guess the password necessary to re-mount a PGP or TrueCrypt volume, the contents of open files may be present in the hibernation file.
Same goes for passwords and other sensitive information – passwords typed into programs before hibernation, if they are still running during hibernation, may also be stored in plaintext (unencrypted).
Hibernation is an operational reality (or at least a time-saving convenience) for many people, even those who work on highly sensitive information. If you must work on sensitive files and use hibernation mode, follow these steps:
1. Prior to hibernation, close sensitive files.
2. Exit programs that may have stored passwords in RAM. Examples are browsers, file editors, and encrypted volume managers such as PGP and TrueCrypt.
3. Dismount encrypted volumes.
4. Enter hibernation mode. It is arguably safer to just shut down the system rather than use hibernation. But your work patterns and the nature of your sensitive work may permit hibernation if you take the precautions listed above.
Read a similar tip about erasing your hibernation file when you shut down your computer.