Windows 10: Possible to open "Restore Point" files from "system volume information

Discus and support Possible to open "Restore Point" files from "system volume information in Windows 10 Backup and Restore to solve the problem; Hello! I've a customer with a vista computer (i know, spare the flame:ing *Smile) it was infected with crypt0l0cker and after restoring it to a... Discussion in 'Windows 10 Backup and Restore' started by PatrikL, Jun 13, 2017.

  1. PatrikL Win User

    Possible to open "Restore Point" files from "system volume information


    Hello!
    I've a customer with a vista computer (i know, spare the flame:ing *Smile) it was infected with crypt0l0cker and after restoring it to a previous restore point it seems like the SAM hives or something broke down on it since i cant create new users and some services isnt working as it should included VSS (so I cant do a new system restore).

    So I can't use "system restore" app but the files/snapshots are still present under "system volume information", is there a way to open these files on another computer, to browse them and save some of the files in it?

    EDIT: I found a good solution please se my reply further down. (this will work on other systems then Vista)


    //BR
    Patrik

    :)
     
    PatrikL, Jun 13, 2017
    #1
  2. atikuruu Win User

    5800 XM " General: System Error " on saving music file

    WHAT CAN I DO NOW
     
    atikuruu, Jun 13, 2017
    #2
  3. " NOKIA X2 " How to Hide Files (Photos/Videos) from Gallery view..??

    hi .. i hav found one trick by which we can hide all photos and videos/mp3 from gallery.

    m using this ith my nokia c3 . very nice privacy trick.



    Best Way To Hide Files Folders in Nokia s40 Symbian OS
     
    rockpop989, Jun 13, 2017
    #3
  4. dalchina New Member

    Possible to open "Restore Point" files from "system volume information

    dalchina, Jun 13, 2017
    #4
  5. PatrikL Win User
    Ok! Found a solution!

    I read that the shadow copies have links to \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy

    So I created a symlink on the machine with the following command:

    ex: mklink /D C:\shadow_volume_1 \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\

    which mounts the first shadowcopy to a folder in C: named shadow_volume_1 and there I could explore all the files. So I found which shadowcopy which was closest to before the files were encrypted and then copied them to a external drive.

    I also found out that there are some tools for this ex. libvshadow, VSC toolset, etc.

    Info can be found here:

    Mount shadow volumes on disk images - ForensicsWiki

    Windows Shadow Volumes - ForensicsWiki
     
    PatrikL, Jun 13, 2017
    #5
  6. dalchina New Member
    Sounds like you'll have a very happy customer! Well done. (Encourage them to start using disk imaging)
     
    dalchina, Apr 5, 2018
    #6
Thema:

Possible to open "Restore Point" files from "system volume information

Loading...
  1. Possible to open "Restore Point" files from "system volume information - Similar Threads - Possible open Restore

  2. Moving files from system volume information

    in Windows 10 Network and Sharing
    Moving files from system volume information: Hi, I just faced this problem and need help with it , I accidentally dragged one of my folders to "system volume information" folder on my external drive and it moved there. when i wanted to move it back nothing happened even deleting it doesn't work and i need these files ,...
  3. Moving files from system volume information

    in Windows 10 Gaming
    Moving files from system volume information: Hi, I just faced this problem and need help with it , I accidentally dragged one of my folders to "system volume information" folder on my external drive and it moved there. when i wanted to move it back nothing happened even deleting it doesn't work and i need these files ,...
  4. Moving files from system volume information

    in Windows 10 Software and Apps
    Moving files from system volume information: Hi, I just faced this problem and need help with it , I accidentally dragged one of my folders to "system volume information" folder on my external drive and it moved there. when i wanted to move it back nothing happened even deleting it doesn't work and i need these files ,...
  5. System Volume Information

    in Windows 10 BSOD Crashes and Debugging
    System Volume Information: I make my backups in D drive and have turned the system protection off from the control panel. I backup using the windows 7 backup and restore from the control panel . The issue that whenever I do it the System Volume Info folder in the E drive starts filling automatically....
  6. System Restore from Restore Point is stuck

    in Windows 10 Installation and Upgrade
    System Restore from Restore Point is stuck: Started a system restore from system restore point this morning at 7:30 am. It is now 11:45 am and it is still running. I have done system restore from restore point in the past and it only took 20~30 minutes. What to do now?...
  7. Volume Shadow Services & System Restore Points

    in Windows 10 Backup and Restore
    Volume Shadow Services & System Restore Points: I notices that my "Volume Shadow Services"is set to "manual" mode. Is it suppose to be set to "automatic" mode? Could the fact that it it set to "manual" mode be the reason I'm loosing System Restore Points even though I have 95 GB of storage set aside for these SR points?...
  8. Enabling copying restore points from System Volume Information

    in Windows 10 Backup and Restore
    Enabling copying restore points from System Volume Information: Hi, After some manipulations, I gained entry to the "hidden" folder <System Volume Information> and granted access to all functions to both User and Administrator (both me). No major problem there. Purpose is to backup some restore points to a separate disk, so that I can...
  9. System Volume Information

    in Windows 10 BSOD Crashes and Debugging
    System Volume Information: Is it possible to consolidate the System Volume Information on my HDD, it is currently spread in quite a few places on my hard drive and wish to consolidate it all into one place on my HDD, Is this possible?...
  10. System volume information

    in AntiVirus, Firewalls and System Security
    System volume information: A friend of mine put my pendrive into his pc, after inserting it into pc later I found a fold named system volume information, curiously I clicked on the file in the folder and there was a pop up like command prompt,then nothing happened. After a while all my desktop apps...