Shadowcopy: A Python-Based Shadow Volume Enumeration and Digest Tool

Abstract

This report presents shadowcopy, tool written in Python that extracts and deduplicates files from Microsoft NTFS Shadow copies using the Microsoft Volume Shadow Service (VSS), copies the files to an external volume, and prepares a report of each extracted file's name, timestamp, original path, and MD5 hash value

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 12, 2011
Accession Number
ADA548850

Entities

People

  • Mike Horn

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Abstracts
  • Access Time
  • Application Protocols
  • Computer Science
  • Computers
  • Contracts
  • Department Of Defense
  • Environment
  • Extraction
  • Information Operations
  • Operating Systems
  • Pipes
  • Spreadsheet Software
  • Standards
  • Test And Evaluation
  • Virtual Machines

Readers

  • Computer Vision.
  • Database Systems and Applications
  • Neurological Diseases/Conditions/Disorders