1
00:00:00,670 --> 00:00:03,110
Hello and welcome back.

2
00:00:03,760 --> 00:00:09,490
In this lesson, I will show you how to create snapshots.

3
00:00:12,590 --> 00:00:17,090
This is Oracle VirtualBox, as you can see.

4
00:00:18,970 --> 00:00:31,120
In the previous earlier lesson, I have shown you how to install Linux, and if you click on Linux

5
00:00:31,870 --> 00:00:41,050
a machine, you will see that over here there is a list of all the snapshots.

6
00:00:44,450 --> 00:00:56,810
Snapshots are a record of the current or previous state of the virtual machine. If I select an earlier

7
00:00:56,810 --> 00:01:05,240
virtual machine, for example, Windows 7, you will see that I have a list of snapshots.

8
00:01:07,900 --> 00:01:19,120
If I wanted to revert back to an earlier state, I could easily select the snapshot that I want and

9
00:01:19,120 --> 00:01:20,620
then click on Restore.

10
00:01:22,510 --> 00:01:33,130
And then it will ask me to confirm if I want to restore. If I wanted to restore, I would then check this

11
00:01:33,130 --> 00:01:36,670
box and click on the button Restore.

12
00:01:38,320 --> 00:01:49,210
After that, it would then undo all these other later states and go back to the state of the virtual machine

13
00:01:50,290 --> 00:01:52,160
as of this snapshot.

14
00:01:53,380 --> 00:02:00,130
So this is very useful because sometimes when you are doing reverse engineering,

15
00:02:01,930 --> 00:02:10,810
you might want to undo any changes that have been made to your operating system in the virtual machine.

16
00:02:12,070 --> 00:02:22,470
Sometimes a tool or a program which you install might alter or make changes to your operating system.

17
00:02:24,160 --> 00:02:36,670
For example, it might modify your registry settings or create other files in unknown locations.

18
00:02:37,760 --> 00:02:47,150
So the easiest way to undo all those changes is simply to revert back to an earlier snapshot.

19
00:02:48,230 --> 00:02:56,510
This is especially useful when you are trying to learn reverse engineering

20
00:02:57,450 --> 00:03:07,650
and want to undo changes made by the software. It is also useful in malware analysis when you are trying

21
00:03:07,650 --> 00:03:16,410
to analyze a software which you suspect might be a virus or some Trojan.

22
00:03:18,140 --> 00:03:20,970
Or even ransomware.

23
00:03:21,440 --> 00:03:29,510
So in order to undo the damage done by the virus, you can easily revert to an earlier snapshot.

24
00:03:30,350 --> 00:03:32,820
So how do you create a snapshot?

25
00:03:34,160 --> 00:03:38,770
We are going to try it on our Kali Linux virtual machine.

26
00:03:39,920 --> 00:03:43,180
The first step is to select the virtual machine.

27
00:03:44,210 --> 00:03:54,740
And then over here on the toolbar, you will see an icon button called Take.

28
00:03:56,240 --> 00:04:00,440
If you hover your mouse over it, you will see

29
00:04:01,790 --> 00:04:14,090
the text "Take a snapshot". So all you need to do is just click on it, then it will ask you for a name,

30
00:04:14,090 --> 00:04:15,080
for a snapshot.

31
00:04:16,940 --> 00:04:23,960
So we can give it a name, we can give it a date, even if you prefer to call it by date.

32
00:04:25,030 --> 00:04:37,330
So I can call it two to one much seven today's date, and I can put in some description if I wanted

33
00:04:37,330 --> 00:04:43,140
to and if I didn't want, I can just leave it empty and then click OK.

34
00:04:45,330 --> 00:04:52,080
And now it has created the snapshot, I can then start my virtual machine.

35
00:05:05,300 --> 00:05:14,360
I will now log in using kali as a login name and kali as the password.

36
00:05:15,270 --> 00:05:16,520
And hit Log In.

37
00:05:29,780 --> 00:05:38,090
I will now go into full screen mode by clicking on View and selecting full screen mode.

38
00:05:39,790 --> 00:05:42,430
And then I will click on the Switch button.

39
00:05:46,310 --> 00:05:49,970
I will now demonstrate how to

40
00:05:51,300 --> 00:05:52,860
create a file

41
00:05:53,860 --> 00:06:03,720
and then undo it by reverting to the earlier snapshot. So I will now right-click here

42
00:06:04,980 --> 00:06:05,640
and then

43
00:06:08,410 --> 00:06:18,100
create a folder right on the desktop and call it test and click Create.

44
00:06:20,110 --> 00:06:23,460
And now I have a new folder on the desktop.

45
00:06:25,090 --> 00:06:26,470
Open the folder

46
00:06:27,530 --> 00:06:28,580
by double-clicking it.

47
00:06:30,080 --> 00:06:31,760
And inside this folder,

48
00:06:33,180 --> 00:06:37,080
I will create a document and file.

49
00:06:39,430 --> 00:06:43,540
Khalid testified that.

50
00:06:49,360 --> 00:06:56,520
So now I'm going to undo this by reverting back to the earlier snapshot.

51
00:06:58,890 --> 00:07:08,990
So to do that, I will now shut down this Kali machine first. I will restore it to its window mode

52
00:07:09,720 --> 00:07:22,050
by hovering my mouse at the bottom so that the toolbar will pop up and then selecting on the window

53
00:07:22,050 --> 00:07:25,610
restore to go back to window mode.

54
00:07:27,360 --> 00:07:34,760
And now I will shut down Kali by clicking this button on the top right corner.

55
00:07:35,850 --> 00:07:37,380
And hit Shut Down.

56
00:07:41,850 --> 00:07:52,500
Now, my Kali machine has shut down, so as you can see, when I select on the machine, I can see

57
00:07:52,890 --> 00:07:55,820
that the current state has changed.

58
00:07:57,700 --> 00:08:04,620
So if I wanted to undo this change, all I need to do is select the previous state.

59
00:08:05,780 --> 00:08:10,100
And then hit the Restore button on the top.

60
00:08:12,360 --> 00:08:14,280
It will ask me to confirm.

61
00:08:15,730 --> 00:08:21,000
So I uncheck this box and click on the Restore button.

62
00:08:23,210 --> 00:08:32,600
And now you will notice that the current state has updated to the two or two to my seven current state

63
00:08:34,100 --> 00:08:38,140
so I can now restart my Kali machine and check it out.

64
00:08:45,290 --> 00:08:55,300
My Kali machine has fully booted up. You will now notice that the folder which I created earlier

65
00:08:55,660 --> 00:08:56,340
is gone.

66
00:08:57,880 --> 00:09:01,450
So this is how you can use snapshots.

67
00:09:03,320 --> 00:09:11,570
So use it often when you are reversing software. So that is all for this video.

68
00:09:12,050 --> 00:09:13,430
Thank you for watching.