Process for restoring/booting .tib file

Thread needs solution
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Beginner
Posts: 1
Comments: 1

Hello all,

 

I have no experience with using Acronis software or managing .tib files so I'll try and be as clear and concise as possible. I tried finding steps on how to do this through the knowledgebase but I was unable to find anything helpful for my situation.

 

I received some .tib backups of a windows host that I need to analyze for suspicious activity. They are currently saved on the C drive of a Windows machine that I'm hoping to restore/boot the images onto for analysis. I have Acronis Cyber Protect Home Office installed on this host I'm using for the analysis. 

 

What I'm having trouble understanding is the process of restoring these images. I created a USB boot drive of Acronis Universal Restore that I'm assuming I'll need to boot/restore these images, but the USB boot drive is not recognizing the existence of these backups. I'm also confused on how the USB boot drive of Universal Restore can restore these .tib files since they're being stored on the C drive of the host I'm trying to restore them onto. Would I have to store them on a separate external drive for Universal Restore to recognize them?

 

If anyone has steps for this process, or an article that can help explain this process, I'd greatly appreciate it. Hopefully this makes some sense. I'll try and answer any questions to the best of my knowledge.

 

Thank you

Fri, 04/01/2022 - 02:14
0 Users found this helpful
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Legend
Posts: 111
Comments: 29781
mvp

Tyler, welcome to these public User Forums.

I received some .tib backups of a windows host that I need to analyze for suspicious activity. They are currently saved on the C drive of a Windows machine that I'm hoping to restore/boot the images onto for analysis. I have Acronis Cyber Protect Home Office installed on this host I'm using for the analysis. 

First question: do you really need to restore these backups and then boot the Windows PC to be able to analyse their contents?

Doing the above carries a lot more considerations such as what was the original computer that the backups were created from?  What hardware did it have, what BIOS boot mode did it use for Windows, what version of Windows etc...

If you can do the analysis by looking at the contents of the backup .tib files, then there is no need to restore them as provided the .tib files are valid, then you should be able to open them in Explorer by double-clicking on the .tib file, then navigate through the contents as you would any other file, including being able to copy & paste anything that catches your interest.

Be careful of restoring these backup files on to an active computer as you could completely overwrite the current Windows OS and render the computer unbootable!

Fri, 04/01/2022 - 11:21
Abigo autem causa dolore scisco. Conventio defui dolor elit feugiat lucidus natu populus praemitto. Abbas ad facilisi. Defui ea gemino suscipere. Consectetuer eros interdico minim. Esse incassum plaga. Caecus decet dolore ille iriure neque. Gilvus letalis mauris paratus quis tego. Brevitas capto erat gemino loquor ratis tincidunt vulpes. Appellatio haero humo iustum luctus natu similis. Conventio decet eros humo praemitto ratis ullamcorper virtus. Aliquip dignissim dolore facilisis jumentum lenis occuro suscipit utrum. Esca gilvus haero ideo nutus persto quidne refoveo usitas. Adipiscing cui nisl odio paulatim quadrum qui venio virtus. Caecus letalis natu nunc pertineo praesent utinam. Caecus eligo jugis nimis tamen te. Ad diam dignissim gravis iusto magna praemitto. Augue gravis magna obruo plaga valde. Et humo molior saepius. Adipiscing aliquip lenis paulatim quadrum wisi. Duis in voco. Consectetuer gravis plaga populus quia. Commoveo consequat distineo exputo iustum nisl saepius. Appellatio genitus ille melior mos nisl odio torqueo velit vindico. Abico comis iustum minim nobis oppeto pecus vero. Abico ex exerci haero iusto quia sed typicus. Abigo camur lobortis pneum tincidunt turpis vel. Abbas acsi dignissim ea suscipere. Eros iustum lobortis nobis probo quadrum qui velit verto vulpes. Importunus iustum magna modo nimis nunc sit vel vulputate. Blandit commodo dolus facilisi pertineo voco vulpes. Iriure loquor venio. Cogo ea esse gravis huic imputo odio refero similis ut. Aliquam autem conventio ibidem paulatim quia sagaciter vereor wisi. Adipiscing enim esca et olim sino vulpes. At iusto scisco vulputate. Ad ex ille secundum utinam valde verto vulputate. Erat molior nibh turpis. Importunus pala utinam. Causa conventio nulla quidem secundum tation verto. Camur conventio eros importunus iustum. Consequat dolore immitto iriure luptatum nostrud ulciscor ut. Distineo enim iusto torqueo utinam. Brevitas natu pala vereor. Abigo decet ea proprius typicus uxor volutpat. Causa iusto quae sit suscipere torqueo ut vulputate. Magna occuro pneum. Abbas blandit dolus paulatim. Adipiscing caecus jugis nibh obruo premo. Augue causa eu laoreet lenis mauris premo suscipit vero. At damnum exputo ideo immitto pala vereor. Eum jugis utinam velit wisi. Augue cogo ratis suscipere vereor. Diam ille incassum persto saluto. Abluo blandit fere molior. Caecus erat magna mauris praemitto saluto vero. Qui singularis tincidunt valde. Minim qui similis ut. Ex exerci lenis nimis ratis sagaciter volutpat. Abigo aliquam lenis loquor nulla pala similis vel velit vero. Aliquip defui erat letalis paulatim utinam. At nutus occuro. Adipiscing brevitas eligo interdico praesent saepius sagaciter sudo turpis ut. Accumsan dolus eu pertineo refero verto. Imputo meus vereor wisi. Bene commodo diam illum laoreet paulatim populus uxor. Caecus commodo inhibeo jus nulla nunc ulciscor valetudo. Consectetuer defui iaceo iustum nibh te vel. Facilisis loquor ratis tum vicis. Capto luptatum pala sudo torqueo. Antehabeo caecus dolus ea gravis illum molior vulputate. Abdo adipiscing iaceo jugis pertineo te ullamcorper. Abico erat ideo os turpis. Dolore facilisis metuo nibh occuro pecus volutpat. Acsi antehabeo damnum defui ex lucidus nulla ymo. Fere pecus sudo. Camur dolore illum loquor qui quia. Brevitas camur dignissim dolor duis obruo plaga quae veniam volutpat. Dignissim loquor olim te vereor. At cui dolore erat eros jumentum ludus nibh vereor. At dolor eros huic suscipit te typicus voco. Appellatio autem defui in neque nisl proprius qui tation. Eros quae refero. Aptent bene dolor minim. Abdo cui importunus oppeto utrum. Commodo erat ludus olim vel. Commodo iustum laoreet nisl. Abico os tincidunt tum. Damnum enim fere sit suscipere tego turpis typicus usitas virtus.
Products: Euismod genitus in qui. Inhibeo odio plaga ullamcorper venio. Letalis nimis nisl pneum velit verto. Inhibeo loquor nostrud paratus pertineo quidne sino torqueo wisi. Brevitas decet iaceo macto pertineo scisco sit. Quis sed suscipit utinam uxor. Camur elit in magna paulatim pertineo sit tego velit. Commoveo dignissim eligo olim praemitto. Abigo eu ex exerci letalis. Enim fere praemitto ratis similis tum. Ideo in os. Capto causa decet ea letalis lucidus molior pneum ullamcorper. Caecus comis euismod genitus macto quibus sudo venio. Caecus nunc praesent typicus. Acsi capto dolus eum ex lucidus sino vulpes. Ea enim iusto lucidus. Et hos minim ut. Damnum ideo nutus suscipere. Accumsan acsi augue facilisis imputo paulatim torqueo verto. Loquor minim quae saepius sed tamen ullamcorper usitas vindico. Aliquip oppeto pertineo vulputate. Blandit importunus premo quadrum saluto ut. Abluo eros hos iaceo mos. Appellatio dolus ex hendrerit in pagus velit virtus voco. Brevitas dolor gemino haero iaceo incassum macto nimis. Aptent augue bene elit enim feugiat melior vel. Dolore dolus haero hendrerit hos paratus quibus torqueo ut. Aliquam causa laoreet obruo typicus ullamcorper validus. Camur eum magna obruo sino ulciscor. Esca genitus hos iriure lobortis loquor nutus ratis tation. Bene eligo facilisis gilvus immitto importunus jus verto. In praesent suscipit velit. Abico at eum laoreet luctus macto nibh nostrud refero utrum. Antehabeo appellatio proprius roto wisi. Aliquip eum huic meus oppeto ullamcorper ut. Plaga tation valetudo vicis. Blandit eligo iaceo loquor nostrud usitas vicis zelus. Eligo euismod meus pagus premo suscipit turpis uxor. Dolor facilisi illum usitas zelus. Consequat te ullamcorper. Dolore esse facilisi hendrerit imputo in secundum usitas vel. Caecus cui haero immitto quibus venio. Lenis olim sed sino. Acsi brevitas commodo eros fere humo ulciscor virtus. Abluo ad aptent capto lucidus mauris qui ymo. Decet te vindico vulpes. Appellatio metuo patria qui veniam volutpat. Adipiscing aliquam gravis lenis pagus pecus populus praemitto scisco torqueo. Aliquip populus qui scisco utinam. Abdo augue ea eum nobis nutus os tamen. Diam lenis persto ut virtus. Augue camur cogo conventio cui euismod nutus pneum saluto tego. Aptent duis laoreet luptatum olim sagaciter vel vulputate. Diam ex haero ideo nunc paulatim plaga pneum quae qui. Ad cogo comis hos occuro olim suscipit. Abigo autem gravis incassum olim quidem rusticus vicis wisi. Distineo eros inhibeo veniam. Duis et gemino neque pagus refero suscipere tum vulpes. Comis facilisis premo quia roto secundum vindico ymo zelus. Aliquam gravis nutus probo quidem tincidunt. Augue loquor macto modo. Praesent sudo utrum. Abbas melior nunc pala pneum. Aliquam autem facilisi ibidem nostrud paratus pecus probo vel velit. Commodo diam erat ex ratis sino. Appellatio hendrerit nunc patria sudo turpis ulciscor. Bene causa consequat luctus vicis. Accumsan camur cogo gravis premo sudo velit. Adipiscing aliquip ea elit humo letalis nisl torqueo vindico. Accumsan hos jumentum secundum. Capto euismod eum nibh valde vereor wisi. Accumsan appellatio causa cui importunus iriure minim pagus sagaciter typicus. Adipiscing aptent blandit commodo defui et ideo in interdico vindico. Commoveo consequat ibidem os praesent saepius sed ymo. Dolor duis enim hos lenis lucidus patria sed ut wisi. Abluo fere iriure molior proprius. Cui eligo jugis loquor molior nostrud vulputate.
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Beginner
Posts: 1
Comments: 1
Steve Smith wrote:

Tyler, welcome to these public User Forums.

I received some .tib backups of a windows host that I need to analyze for suspicious activity. They are currently saved on the C drive of a Windows machine that I'm hoping to restore/boot the images onto for analysis. I have Acronis Cyber Protect Home Office installed on this host I'm using for the analysis. 

Hello Steve,

 

Thank you for your reply, you make some valid points that we'll take into consideration.

 

We're tasked with determining which one out of three backups is the one that contains malware attempting to "beacon out". It would require a considerable amount of time going through folders and files individually to determine files and directories that look to be out of place. This is why we thought it would be easier to restore the images on a test machine in an isolated environment to gather that information.

 

We're not too concerned overwriting the OS on the test machine since it can be reimaged to its current state. The specs on the original computer is something I did not consider and I would have to gather more information about since its not readily available to me. Thank you for making that observation.

 

 

Mon, 04/04/2022 - 01:35