Rezifp Pharma Malware Recovery and Backup Lab

(Ficticious Organization)

Lab

This lab focused on strengthening data resilience and securing backup processes at Rezifp Pharma Inc. in response to recent malware attacks. I implemented robust backup strategies, ensured data integrity, and tested system recovery against potential threats.

Technical Skills

✅ Full & Incremental Backup Management
✅ Data Restoration & Integrity Validation
✅ Backup Security & Malware Resilience
✅ Archive Inspection & Recovery
✅ Disaster Recovery Planning
✅ Cyberattack Simulation & System Testing

Creating the Backup Archive

Following the standard naming convention of Rezifp Pharma Inc., I created a daily backup of the files located in the ~/Documents/epscript directory. Using the tar cvvWf command, I compressed and archived these files into a single tarball for secure storage. Afterward, I used the ls command to confirm that the backup had been created successfully.

Previewing the Backup File

After creating the backup, I used the less command to preview the files and directories contained within the archive. This step ensured that the backup accurately captured the intended data.

Listing Archives in the Backup Directory

I used the ls command to display all available backup archives stored in the backup directory. This helped me confirm the list of stored backups and ensure everything was organized correctly.

Restoring the Backup

I identified the correct backup archive containing the missing files and then used the tar -xvf command to extract the entire backup archive. Afterward, I focused specifically on the patient files that were missing to restore them accurately.

Listing Files from the Restored Directory

After restoring the files, I used the ls -l command to list all files and directories within the restored directory. This allowed me to confirm that the missing patient files were successfully restored and accounted for.

Listing Folders to Be Backed Up in the testenvir Directory

I used the ls -l command to list all the files and subdirectories within the testenvir directory. This allowed me to capture the current state of the directory before performing the backup.

Backing Up Directories with Incremental Backup

I performed a level 0 (full) backup to capture the entire testenvir directory. This established the baseline for all subsequent incremental backups.

Verifying Backup Status

I verified the contents of the full backup archive by using the tar -tvf command, piping the output through less to preview the files. This allowed me to confirm that the backup was correctly created and captured all necessary files.

Simulating Cyberattack by Removing the Patient Directory from testenvir Directory

I confirmed the presence of the patient directory in the testenvir directory using the ls command. After confirming its presence, I deleted the patient directory and all associated files using the rm -r command to simulate the loss of data during an attack. Finally, I verified that the patient directory was missing by running the ls command again.

Restoring the Patient Directory from the Backup

I navigated to the testenvir parent directory to ensure the backup restoration occurred in the correct location. After that, I restored the patient directory from the full backup archive using the appropriate command. Finally, I verified that the patient directory had been successfully restored by running the ls command.

Testing Incremental Backup by Creating New Files

I created three new files using the touch command to simulate updates or additions to the directory. Afterward, I listed the contents of the patient directory using ls to verify that the new files had been successfully created.

Backing Up New Files with Incremental Backup

I ran the incremental backup targeting the changes in the testenvir/patient directory to back up the new files that were added.