Damaged backup data recovery method for Windows mobile

Springer Science and Business Media LLC - Volume 66 - Pages 875-887 - 2013
Jewan Bang¹, Changhoon Lee², Sangjin Lee¹, Kyungho Lee¹
¹ Center for Information Security Technologies, Korea University, Seoul, Republic of Korea
² Seoul National University of Science and Technology, Seoul, Republic of Korea

Abstract

Recent developments in grid and cloud computing technologies have enhanced the performance and scale of storage media. Data management and backup are becoming increasingly important in these environments. Backup systems constitute an important component of operating system security. However, it is difficult to recover backup data from an environment where the operating system does not work because the storage hardware has been damaged. This study analyzes the Volume Shadow Copy Service (VSS) used by the Windows operating system. Windows 8 has been implemented for mobile environments; hence, it could be used for data recovery from damaged mobile devices. VSS is a backup infrastructure provided by Windows that creates point-in-time copies of a volume (known as volume shadow copies). Windows Vista and later versions use this service instead of the restore point feature used in earlier versions of the operating system. The restore point feature logically copied and stored specified files, whereas VSS copies and stores only data that have changed in the volume. In a live system, volume shadow copies can be checked and recovered using built-in system commands. However, it is difficult to analyze the files stored in the volume shadow copies of a nonfunctioning system, such as a disk image, because only the changed data are stored. Therefore, this study analyzes the structure of Volume Shadow Copy (VSC) files that were logically stored. This analysis confirms the locations of the changed data and original copies by identifying a structure that stores the file data stream to file system metadata. On the basis of our research, we propose a practical application to develop tools for the recovery of snapshot data stored within the VSC files. We also present results of our successful performance test.
