1. Introductions
2. Title
3. Agenda
4. Tim Tomes
5. Spirit Box
6. Linux
7. Windows
8. Protected Device Names
9. Demo
10. What is it
11. Volume Shadow Copies
12. Manual Demo
13. Creating Directory
14. Creating Volume Shadow Copy
15. Deleting the Malware
16. Volume Shadow Copy
17. Deleting Malware
18. Commands
19. VSS Admin
20. VSS Script
21. Bugs
Description:
Explore advanced techniques for malware analysis and recovery in this 55-minute conference talk from Hack3rcon II. Delve into the world of digital forensics as Tim Tomes and Mark Baggett demonstrate the power of Volume Shadow Copies for recovering deleted malware and investigating cyber incidents. Learn about the Spirit Box tool for Linux and Windows systems, understand Protected Device Names, and witness hands-on demonstrations of creating and manipulating Volume Shadow Copies. Gain insights into using VSS Admin commands and scripts, and discover potential bugs in these techniques. Enhance your cybersecurity skills with practical knowledge applicable to both offensive and defensive security practices.

Lurking in the Shadows
