Notifications
Clear all

System Restore

1 Posts
1 Users
0 Likes
443 Views
(@christ143uk)
Posts: 51
Trusted Member
Topic starter
 

Hi,

I am working on a job where it is believed a user has conducted a system restore at some point prior to January 2016.

The OS is Windows 10 and I cannot VM the device.

My question is where might I find evidence that a system restore has been conducted?

Is there a particular Event ID to look for in logs? (if they go back this far)

If I were to boot up the computer should it tell me in system restore that I can "undo"/rollback the system restore if one has been done?

I will also be looking into system refresh/reset as there is some evidence this may have been used.

Thanks

 
Posted : 19/10/2016 3:15 pm
Share: