Get Help Now
    24/7 Support

    Volume Shadow Copy Analysis

    Today let’s talk about the Volume Shadow Copy Service ( “VSS”), like everybody knows, this service is an integral part of the Windows operating system and is essential for analysts. Copy Service (VSS) provides two functions: snapshot (short-term backup of all files NTFS volume) and archiving of files opened or blocked an application like Microsoft SQL Server or Microsoft Exchange. VSS creates shadow copies on a schedule or on demand.

     

    One of the most popular uses Volume Shadow on newer (post-XP) operating systems, system restore points. Very well describe how to restore the system and the installation of VSCs – Live system Matt’s post.

     

     

    Using the shadow copy volume is only a relatively simple way the complete or partial recovery information encrypted malware. Of course, in addition to recovery from previously created backups, which are almost never available. In most cases, decryption is not possible. With scanty likely to help the specialized software antivirus companies, specially designed to decrypt files.

     

    Get more info.



    DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.