Q:

Often overlooked part of incident response

Has anyone else noticed that during incident response the real problem often starts after containment?

Systems get wiped or reimaged quickly to remove the infection, and only later teams realize important local user data or shared folders were never properly backed up. At that point Windows won’t mount the drive and access is gone while the business is already down.

In a similar case we had to pull documents directly from the disk before rebuilding the machine — a recovery scan (we tried Stellar Data Recovery) was basically the only way to extract user files before formatting.

Are others seeing this gap between cleanup and actual data recovery as well?

  • This topic was modified 14 hours, 17 minutes ago by Nina Calder.
Windows data recovery
  • You must be logged in to reply to this topic.
New to Communities?

New to Communities?

Ask a Question