Long time lurker, first time poster. I am setting up a live box to do malware analysis and was wondering if anyone could advise a good backup program that supports labeled point-in-time snapshots. I would also like the programs to store the backups/snapshots on a FTP site in the event that the snapshots/backups become corrupted, encrypted, etc. I have looked in Macrium, RollbackRX, and TimeMachine, but cant tell if any of them support FTP storage of the snapshots/backups. Does such a beast exist? Thanks alot. Adm
Reflect, via its scripting options (PowerShell, VBScript and even Batch) should be able to do that without issue. You can read their boiler plate stuff concerning your issues HERE. Rollback is clearly out and FlashBack (aka Time Machine) does not make its scripting options very public knowledge... but I believe it can be done.
Thanks! Why is rollback out? No support for FTP? Does Macrium support the names snapshots that allows me to roll back quickly to a point in time? For example, I would want to create a snapshot right before installing something, test software, and then rollback to the clean environemtn.
If you're using the MANUAL feature of Macrium, you may easily create a script that basically asks you to select what type of snapshot you'd like to do (INCREMENTAL, DIFFERENTIAL or FULL) and COMMENT it accordingly prior to execution. Although this may produce produce unintelligible FileNames (named with sequence or at random with sequence), they are fully commented under Reflect's restoration interface. EDIT: I need to back off some of the claims above... some of the scripting is not as flexible as I originally thought. EDIT2: It can definitely be done via slight edits to their automatic BATCH file creation. EDIT3: It looks as though it can be done easily under VBScript as well. I'm just not very familiar with PowerShell scripting... sorry.
No support for even getting your hands on the snapshot DATA itself... it's totally hidden on the protected partition(s)
There exists an "unsupported" CLI (Command Line Interface) within FlashBack and located in its Program folder. The snapshot/backup options may be found doing the following... FlashbackCmd.exe /cmd=backup /? An typical example of the above... FlashbackCmd.exe /cmd=backup /volume=C /destination=D:\AXTM /description="Backup description" These command structures should be able to be used easily in a standard BATCH file along with some FTP directives to copy the result off to your CLOUD.
Will RollbackRX creates a hidden partition for its snapshots? If so, this should protect it from being encrypted by malware as the user wont have access to it and therefore the ransomware will not either. I could then theoretically use acronis periodically to create a images of the entire drive, including that hidden partition, to keep the snapshots secure and stored on my ftp server.
It is not a hidden partition. That data is just stored in empty sectors that the rollback filter driver keeps track of. One question. How critical is your data?
Not critical. Annoying if I had to reinstall, but if I use a tool like rollback with periodic acronis disk imaging, I should be ok.
Rollback's DATA is not located in a hidden partition... it's left in place when a new parent reference is created (a snapshot). Windows (or anyone else) has no idea where the bits and pieces are located, only the special Rollback driver and database know where its at. You'll definitely need a FULL ALL SECTOR disk image periodically to be able to back up Rollback. And with Rollback, you're as much at risk against itself as you might be against ransomeware. Also, if the protected disk is an SSD, the OS TRIM function is inoperative while Rollback is in control. This DOCUMENT on the Rollback Forums would be a good read before you make your final decision.