What are shadow copies?
Intermediate – Cybersecurity
Reading Time – 1 minute, 28 seconds
What are shadow copies? It’s a technology that enables backing up of open files and creating snapshots of files and drives in your computer system according to a schedule. It was first introduced by Microsoft Corporation as a service in the Windows operating system. The initial version of this technology was only able to create and back up a temporary snapshot of files. In the later versions, the ability to restore files from the snapshot was also incorporated.
Shadow copy service provides an additional restore option to regular backups. it is a more effective service to run if files are often added or changed in your computer system. Unlike regular backups, they can save only the changes made to the files. If the file is not changed, the file is not recorded in the snapshots or the backup. The snapshots are limited by the space allocated to them and the number of snapshots that can be created. However, this service is very fast as it only saves the changes and executes at the block level.
When a file is newly created in your file system, the shadow copy service makes a complete copy of the file to its storage which is referred to as the snapshot area. Afterward, only the changes made to that file are saved to the shadow copy area. When the allocated storage space for the snapshot area is full, the oldest snapshots are removed in the first-in-first-out method to make space for the revisions of new files or the new snapshots. It is the shadow copy service that decides which files are removed from the storage to make space for the new snapshots. Hence, the files you require may or may not be available in the storage area.