RESTORE POINTS vs. VOLUME SHADOW COPY
• History of Restore Points & Volume Shadow Copy
RESTORE POINTS vs. VOLUME SHADOW COPY
•History of Restore Points & Volume Shadow Copy
•Benefits for Windows operating system
•Client vs. Server side of Windows operating systems
•Location of Restore Points & Volume Shadow Copy
RESTORE POINTS (Windows XP)
RESTORE POINTS (Windows 7)
RESTORE POINTS vs. VOLUME SHADOW COPY
•History of Restore Points & Volume Shadow Copy
•Benefits for Windows operating system
•Client vs. Server side of Windows operating systems
•Location of Restore Points & Volume Shadow Copy
•Restore Point & Volume Shadow Copy Settings
RESTORE POINTS (Windows XP)
HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRestore
RESTORE POINTS vs. VOLUME SHADOW COPY
•History of Restore Points & Volume Shadow Copy
•Benefits for Windows operating system
•Client vs. Server side of Windows operating systems
•Location of Restore Points & Volume Shadow Copy
•Restore Point & Volume Shadow Copy Settings
•Evidentiary value of being able to examine Restore Points &Volume Shadow Copy
VOLUME SHADOW COPY
•Shadow Explorer ver.0.9
•vssadmin
–vssadmin list shadows /for=C:
–mklink /d c:\sc1 \\?\GLOBALROOT\Device\ HarddiskVolumeShadowCopy7\
•PDE – Physical Disk Emulator in EnCase v.7