Notifications

Clear all

System Restore Logs

General (Technical, Procedural, Software, Hardware etc.)

Last Post by nightworker 10 years ago

3 Posts

2 Users

0 Reactions

2,163 Views

RSS

fzellers

(@fzellers)

Active Member

Joined: 17 years ago

Posts: 5

Topic starter 12/04/2015 3:26 am

I am working on a case where I need to find system restore logs (when a Windows 7 system was restored). In the Windows 7 event logs I discovered several system restores under the Application.evtx windows event log.

I also discovered several files under the \Windows\Logs\SystemRestore directory

Questions

#1. Do the "SrTask.0.etl files show system restores that were accomplished as part of a pre-set system task?

#2. Is the restore.0.etl a user initiated system restore?

Quote

nightworker

(@nightworker)

Estimable Member

Joined: 16 years ago

Posts: 134

12/04/2015 9:44 pm

yes i tought because in my computer there is no task to restore computer and as you can see from the picture

ReplyQuote

nightworker

(@nightworker)

Estimable Member

Joined: 16 years ago

Posts: 134

13/04/2015 3:06 am

you can olso look change log of system volume informaiton folder what is volume shadow copy(system restore) source files to control that

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
340 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed