Quantcast
Channel: VMware Communities : All Content - All Communities
Viewing all articles
Browse latest Browse all 179681

Sabotage ? - who can write into the first 1500 Mb of a VMFS-volume ?

$
0
0

I have seen some strange things in my recovery work - but this one is the strangest so far.

 

A standalone ESXi 5.0.0 was running 4 VMs on local storage.
Today the 4 VMs have been replaced by content that looks like a directory structure from a company fileserver.
The directories of 3 of the VM are missing and the one that is still there now is filled with a directory tree several levels deep.
The directory tree is up to 7 subdirectories deep but does not contain a single file.
I dumped the first 1500 Mbs to see if I have a chance of recovering the 4 VMs
In the 1500 Mb dump I noticed html files and office documents.
If I look at .sbc.sf I see references to pdf files that do not exist when I look at the volume with WinSCP or Datastorebrowser.

 

Question:
who can write into the first 1500 MB of a VMFS-volume ?
who can write into sbc.sf


Viewing all articles
Browse latest Browse all 179681

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>