Encryption of hibernation sleepimage
Hey,
Tried searching but could not find a definitive answer. Encryption of "Safe Sleep" file? is the closest I could get but it was last updated in 12/2011.
When a Mac goes into hibernation (or safe sleep) the Operating System (OS) pauses all activity, dumps the contents of memory (RAM) to disk in /var/vm/sleepimage file and then powers off the Mac. During wake up, /var/vm/sleepimage is read by the firmware and the Mac is restored to the saved state before power off.
Is the file /var/vm/sleepimage encrypted? Would it be possible for an attacker to remove the hard disk from a Mac which is hibernating, mount it on a different machine and read unencrypted contents of the sleepimage file? Since sleepimage holds the contents of RAM, it can potentially contain passwords, or other exploitable information. I did a "strings" search on the file and did get a many lines of plain english text.
Any pointers?
Appreciate your response, Thank you!
Thanks,
Ameen.
MacBook Pro with Retina display, OS X Yosemite (10.10.2)