Task 9.5: Recovering Previous Versions of Files

Very often, when a system has been compromised or when you find unacceptable use of a system, the attacker attempts to cover their tracks by deleting the incriminating evidence, whether that is content within a file or the file itself. You can recover this deleted content using a tool that was introduced with Windows Server 2003 and XP: Volume Shadow Copy (the backup portion) and Previous Versions (the recovery portion).

Volume Shadow Copy (VSC) is available only on Server 2008, Server 2008 R2, and Server 2003. Server 2008 servers, R2 servers, Server 2003 servers, and all Microsoft clients (including NT 4, 9x, ME, Windows 2000, XP, Windows Vista, and Windows 7) can recover previous ...

Get Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Third Edition now with the O’Reilly learning platform.