Performing Forensic Recovery of a File System Resource

You can restore detected threat content to a clean room environment or an out-of-place destination to support incident response, validation, and deeper threat analysis without reintroducing risk to production data.

Forensic recovery restores the most recent recovery point with all detected threat content including malware, encryption, and anomalies, enabling security teams to conduct thorough investigation and forensics.

Available restore destinations: Out-of-place or clean room.

Start the Wizard

  1. From the Command Center navigation pane, go to Security center > Threat scan.

    The Threat Scan page appears.

  2. Click the Resources tab to show the resources that are currently scanned by Threat Scan.

  3. For the resource you want to restore, click the Action button, and then select Restore.

    The Restore wizard appears.

  4. Select Forensic and then click Next.

    The Recovery Location page appears.

  5. Select the type of restore to perform: Out of place or Clean room, and then click Next.

Restore Out of Place

  1. To restore out-of-place (to a newly defined location):

    1. Select Out of place and then click Next.
  2. The Backup Content screen appears.

  3. Select the files you want to restore, and then click Restore.

    The Restore options pane appears.

  4. Enter the following options:

    1. Destination: Select the server to restore the data to.

    2. Restore to original folder: Restores to the same location.

    3. Destination path: Enter a path.

    4. Use optimal number of restore streams: Automatically sets the number of streams based on the size of the selected data.

    5. Unconditionally overwrite if it already exists: Select this to overwrite files and folders that are in the destination and have the same names as files and folders that you are restoring.

  5. Click Restore.

Restore to a Clean Room

  1. The Recover resources pane appears.

  2. Select the runbook for the recovery group that contains the resources you want to recover.

    The Recover resources pane expands.

  3. To select a specific backup for the recovery, enable the Use custom recovery point for recovery job toggle key, and then select a specific recovery point.

  4. Expand all phases to verify they have a Restore status of Ready, and enable the Skip recovery toggle key for any steps you want to skip.

  5. Click Submit.
