Difference between pages "Windows Shadow Volumes" and "User:Mikehom"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(External Links)
 
m (Creating user page with biography of new user.)
 
Line 1: Line 1:
==Volume Shadow Copy Service==
 
Windows has included the Volume Shadow Copy Service in it's releases since Windows XP.  The Shadow Copy Service creates differential backups periodically to create restore points for the user.  Windows 7 Professional and Ultimate editions include tools to work with and manage the Volume Shadow Copy Service, including the ability to [[mount shadow volumes on disk images]].
 
  
== Also see ==
 
* [[Mount shadow volumes on disk images]]
 
 
== External Links ==
 
* [http://computer-forensics.sans.org/blog/2008/10/10/shadow-forensics/ VISTA and Windows 7 Shadow Volume Forensics], by [[Rob Lee]], October 2008
 
* [http://forensic4cast.com/2010/04/19/into-the-shadows/ Into The Shadows] and [http://www.forensic4cast.com/2010/04/presentation-into-the-shadows/ Presentation], by [[Lee Whitfield]], April 2010
 
* [http://windowsir.blogspot.ch/2011/01/accessing-volume-shadow-copies.html Accessing Volume Shadow Copies], by [[Harlan Carvey]], January 2011
 
* [http://code.google.com/p/libvshadow/downloads/detail?name=Volume%20Shadow%20Snapshot%20%28VSS%29%20format.pdf Volume Shadow Snapshot format], by the [[libvshadow|libvshadow projects]], March 2011
 
* [http://toorcon.techpathways.com/uploads/VolumeShadowCopyWithProDiscover-0511.pdf Volume Shadow Copy with ProDiscover], May 2011
 
* [http://computer-forensics.sans.org/blog/2011/09/16/shadow-timelines-and-other-shadowvolumecopy-digital-forensics-techniques-with-the-sleuthkit-on-windows/ Shadow Timelines And Other VolumeShadowCopy Digital Forensics Techniques with the Sleuthkit on Windows], by [[Rob Lee]], September 2011
 
* [http://encase-forensic-blog.guidancesoftware.com/2012/06/examining-volume-shadow-copies-easy-way.html Examining Volume Shadow Copies – The Easy Way!], by [[Simon Key]], June 2012
 
* [http://justaskweg.com/?p=351 Getting Ready for a Shadow Volume Exam], by [[Jimmy Weg]], June 2012
 
* [http://justaskweg.com/?p=466 Mounting Shadow Volumes], by [[Jimmy Weg]], July 2012
 
* [http://justaskweg.com/?p=518 Examining the Shadow Volumes with X-Ways Forensics], by [[Jimmy Weg]], July 2012
 
* [http://justaskweg.com/?p=710 “Weg, I’m afraid that I don’t have VMware. How do I Examime Shadow Volumes?”], by [[Jimmy Weg]], August 2012
 
 
== Tools ==
 
* [[EnCase]] with VSS Examiner Enscript (available from the downloads section of the GSI Support Portal)
 
* [[libvshadow]]
 
* [[ProDiscover]]
 
* [http://www.shadowexplorer.com/ ShadowExplorer]
 
* [http://dfstream.blogspot.ch/p/vsc-toolset.html VSC Toolset]
 
 
[[Category:Volume Systems]]
 

Latest revision as of 15:31, 22 October 2010