# Backup and Disaster Recovery

## Pre-Crypto Attack Backup
- Location: HGHAUBNER (192.168.0.148) D: drive
- Contents: Full backup of all visible network shares before 2025 crypto/ransomware attack
- Folders: DF C-Drive, DF E-Drive, DF Sage, DF Server Archive, DF Server Engineering, DF Server Sales, DF Staff, DF WebShare
- Access: Admin share (D$), firewall opened 2026-03-27

## TestDataDB Backup
- Task: TestDataDB-Backup (scheduled on AD2)
- Script: C:\Shares\testdatadb\backup-db.ps1
- Output: C:\Shares\testdatadb\backups\

## VSS Shadow Copy
- Task: VSS Shadow Copy (scheduled daily at 2:00 AM on AD2)
- Target: E: drive

## Online Backup
- Service: "Online Backup Service" running on AD2
- Details: Unknown — needs investigation

## M365 Backup
- Not identified

## Disaster Recovery
- No formal DR plan documented
- RTO/RPO targets not defined

## Notes
- Backup posture is weak — the only full backup is a pre-attack copy on a workstation's D: drive
- No verified backup of current server state, AD, or Sage ERP
- TestDataDB has its own scheduled SQLite backup