About the author

Related Articles

4 Comments

  1. 1
    Hannes

    Hannes de Jager

    Make use of the NTFS Change Journal. Windows logs all changes to all files on an NTFS volume in a journal database (if the journal is on). This can be queried to return all changes from a specific start USN number (your restore point)

    Here is an article about the journal that helped me a lot while implementing change journal functionality

    Reply
  2. 2
    lalli@email.null'

    lalli

    I guess the best way IS brute-force, coupled with USN number-comparison For reference, the link to a similar question is here

    Reply
  3. 3
    Krish@email.null'

    Krish

    Windows know from the attributes date modified. It compares the the two file and checks the modified date.

    Reply
  4. 4
    Jim

    Jim Lutz

    To detect changes in the current file system vs a shadow copy, you can use a third party software like WinMerge with the shadow copy UNC paths
    http://winmerge.org/. This will provide a GUI for comparisons

    For example, use “C:”, vs “localhostC$@GMT-2017.08.24-18.07.46”

    Of course, enter a valid UNC path to coincide with the date and time of a shadow copy.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2017 SolutionMmyself.com