明日のFNG04向け
参考資料になりそうな URL のメモ。日本語でフォレンジック関連の情報って id:nmantani さんのしか見あたらなかった。
■基本情報
http://www.microsoft.com/japan/windowsserver2003/evaluation/demos/flash_animations/05vss.htm
http://www.atmarkit.co.jp/fwin2k/dnsvrguide/storage/storage_03.htmlTurning off volume shadow copy
http://en.kioskea.net/faq/sujet-2679-turning-off-volume-shadow-copyVolume Shadow Copy Service Tools and Settings
http://technet.microsoft.com/en-us/library/cc787108(WS.10).aspx■フォレンジック関連情報
Vista Volume Shadow Copy issues
http://forensicsfromthesausagefactory.blogspot.com/2009/08/vista-volume-shadow-copy-issues.htmlVISTA and Windows 7 Shadow Volume Forensics
http://blogs.sans.org/computer-forensics/2008/10/10/shadow-forensics/Vista Volume Shadow Service (VSS) Information - Assistance Request
http://www.forensickb.com/2007/11/vista-system-restore-point-information.htmlVolume Shadow Copy の解析
http://d.hatena.ne.jp/nmantani/20081014/1223990758■ツール関連
VSS: mount virtual shadow copy files as logical drives.
http://www.dmares.com/maresware/whats_new.htm#VSSShadowExplorer
http://www.shadowexplorer.com/Live View
http://liveview.sourceforge.net/TimeTraveler
http://wareseeker.com/Utilities/timetraveler-32-bit-1.3.zip/3be7366060
