Download of server VHD file

D. David Paulson · ‎04-27-2017

We had an Azure ARM server undergo a brute force attack. Â The attacker got into the server by attacking a service account on our domain. Â Once inside the server, the attacker encrypted the server with a variation .dharma.Â The server was less than a week old, so staff had entered only small data batches into the new server.

I created the server with a 1TB size drive. Â Our security consultant would like a download of the VHD to test if the attacker breached any data in addition to encrypting data on the server. Â I would mount the VHD file to in a segregated Hyper-V environment for the security consultant to test for a data breach. Â The consultant does not want to test for the breach on the now deallocated server to preserve the chain of evidence.

What is the best way to download the 1TB size VHD file?
Does Microsoft offer a service where they would download the file to media and then ship the media to me?
Any other suggestions on how to approach this issue? Â There is a high level of concern in the Executive Office of a data breach.

Thank you for your thoughts.

Kent Gaardmand · ‎04-30-2017

Azcopy, or Microsoft storage explorere should only download the actual data, and once it relizes the rest is empty the file should be generated. But the file will still indicate on you end that it is and requires 1 TB

D. David Paulson · ‎05-01-2017

I ended up using Microsoft Azure Storage Explorer and the VHD download successfully and in a reasonable amount of time. Thanks.

Download of server VHD file

Download of server VHD file

Re: Download of server VHD file

Re: Download of server VHD file