• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • VCS
  • Interview Questions
  • Database
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

vshadowmount: command not found

by admin

The Windows Volume Shadow Copy Service (VSS) allows for backups of files, even protected system files, to be made while the operating system is running. Windows uses VSS to make periodic differential backups of the blocks of data on NTFS volumes. These backups are called volume shadow copies and are stored in the System Volume Information folder at the root of the volume. Analyzing these backups allows forensic tools to provide snapshots of what the system (including user data) looked like at various points in time, allowing for recovery of deleted or overwritten files, snapshots of the registry and log files from previous points in time, and comparisons of how files may have changed over time. On a live system, the vssadmin command can be used to list the available volume shadow copies.

Open‐source tools can also be used to access volume shadow copy data from an imaged drive. One popular project for this purpose is libvshadow, located at https://github.com/libyal/libvshadow. libvshadow is also included in the SIFT forensics workstation. Once installed, libvshadow provides two command‐line tools to access volume shadow copy data. The vshadowinfo utility shows the volume shadow copies present, and vshadowmount allows you to mount a specific volume shadow copy for further analysis.

If you encounter the below error:

vshadowmount: command not found

you may try installing the below package as per your choice of distribution.

Distribution Command
Debian apt-get install libvshadow-utils
Ubuntu apt-get install libvshadow-utils
Kali Linux apt-get install libvshadow-utils
Raspbian apt-get install libvshadow-utils

Filed Under: Linux

Some more articles you might also be interested in …

  1. trace-cmd: command not found
  2. ctags: Generates an index (or tag) file of language objects found in source files for many popular programming languages
  3. What does refid value “.LOCL.” mean in NTP
  4. Linux OS Service ‘sshd’
  5. timeshift Command Examples in Linux
  6. comby: Tool for structural code search and replace that supports many languages
  7. einfo: command not found
  8. jobs: command not found
  9. git bisect: Use binary search to find the commit that introduced a bug
  10. quotaon command examples in Linux

You May Also Like

Primary Sidebar

Recent Posts

  • “glab issue” Command Examples
  • “glab auth” Command Examples
  • “glab alias” Command Examples
  • gixy Command Examples

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright