Not a True Copy: An In Depth Look at a Common Backup Format
Ron Brash
S4x24 - ICS Security Conference · Day 3 · Stage 3
In his S4 conference talk, "Not a True Copy: An In Depth Look at a Common Backup Format," Ron Brash unveiled a surprising and critical discovery regarding the integrity of widely used backup solutions. The presentation challenged the fundamental assumption that backups are exact, forensically sound copies of original data. Brash detailed a project initially aimed at helping a client, ABC Inc., address pragmatic security concerns with offline images, such as vulnerability scanning, malware detection, and creating Software Bill of Materials (SBOMs) for compliance. This seemingly straightforward task quickly escalated into an extensive reverse engineering effort that exposed significant discrepancies in how a prominent, unnamed backup vendor's solution handled data.
AI review
Brash's deep dive into proprietary backup formats is a brutal, necessary wake-up call for anyone who thinks their disaster recovery strategy is sound. The revelation that widely used solutions produce 'same but different' copies isn't just a technical curiosity; it’s a fundamental integrity failure with massive implications for incident response, legal culpability, and trust in critical infrastructure. This talk exposes a widespread blind spot, demanding that defenders move past superficial checks and genuinely interrogate the forensic soundness of their most vital data resilience…