Highlighted

BESR proof of restore - logs

dear all,

its been a while since I last looked into this logs and cannot recall where and what to look for.

I need to verify if a system has been restored from a BESR backup for auditing purpose.

1- what log file can I see that the system has been restored? (C:\Documents and Settings\All Users\Application Data\Symantec\Backup Exec System Recovery\Logs)

2- what the VSNAP.IDX time stamp tells you regarding restore or backup?

3- if a single file has been restored via the Symantec Recovery Point Browser, would there be any log that states this behaviour?

 

thank you for your help

Eduardo

4 Replies

Hm probably best in the

Hm probably best in the Windows Eventlogs?

it would have been there back

it would have been there back when the system had been restored as we know there will be a gap time stamp on the eventlogs date/time. ... its been 3 weeks so this evidence has gone.

I don't believe that the BESR services would be writig to the event logs prior to bootin the system, unless it injects a runonce or some sort of batch to do it after restoration.

I agree. So basically our out

I agree. So basically our out of luck.

Any questions still open?

Any questions still open?