System Restore Logs

General (Technical, Procedural, Software, Hardware etc.)

Last Post by nightworker 9 years ago

3 Posts

2 Users

0 Likes

1,612 Views

RSS

fzellers

(@fzellers)

Posts: 5

Active Member

Topic starter

I am working on a case where I need to find system restore logs (when a Windows 7 system was restored). In the Windows 7 event logs I discovered several system restores under the Application.evtx windows event log.

I also discovered several files under the \Windows\Logs\SystemRestore directory

Questions

#1. Do the "SrTask.0.etl files show system restores that were accomplished as part of a pre-set system task?

#2. Is the restore.0.etl a user initiated system restore?

Posted : 12/04/2015 3:26 am

nightworker

(@nightworker)

Posts: 134

Estimable Member

yes i tought because in my computer there is no task to restore computer and as you can see from the picture

Posted : 12/04/2015 9:44 pm

nightworker

(@nightworker)

Posts: 134

Estimable Member

you can olso look change log of system volume informaiton folder what is volume shadow copy(system restore) source files to control that

Posted : 13/04/2015 3:06 am

8 Forums
15.5 K Topics
92 K Posts
2 Online
40 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed