What could cause the files to be replaced with null bytes, size and timestamp not modified?

windows hard-drive filesystems

A discussion on the SyncTrayzor github shows that it might be related to windows update.

It has happened to me twice that the config.xml from SyncTrayzor was filled with null-bytes after a windows update and at least one other user had the same problem. Also some Firefox cache files were null-filled at about the same moment.

Searching for files with just null-bytes seem to indicate that they are mostly things like 'configuration' files, or cache files or something. My hypothesis is that these were kept open when the computer was forced to reboot as part of the windows update and were not synced correctly to the drive.

Edit: Checking restart history and update history indicates that

  • Almost all 100% null-byte files are created on the same day as a reboot. Only a few specific ones are not.
  • The majority of them were create on, or the day after, a 'Cumulative Update for Windows 10 Version 1803'. Maybe the reboot is occasionally postponed to the day after the install?

So it seems clear that the creation of null-bytes is triggered by reboots. Most reboots where probably because of an update, so unclear whether it can happen with any reboot or whether update-reboots are special in this regard.

I have not yet figured out how to get all the information in a machine readable form, so it's an inefficient manual investigation so far. Most of these screens I can't even copy-paste from, so this is very inefficient. I would be grateful if someone knows how to get this information into files:

  • File names and creation/modification dates of files with all bytes null.
  • Windows shutdown/startup dates. Edit: get-eventlog system | Where source -eq EventLog | Where InstanceID -like 214748965*
  • Windows update dates (specifically the ones requiring a reboot).

Edit: Reboot-hypothesis corroborated by https://stackoverflow.com/a/52751216/2097 . That answer only refers to unexpected reboots though.

Edit: Reboot-hypothesis corroborated by N++ team: https://notepad-plus-plus.org/community/topic/13302/fix-corrupted-txt-file-null

Possible recovery mechanism using Recuva: Recover file corrupted due to power cut off

Related

Dell Inspiron 14R 5420 intermittently fails to boot
Unable to open github.com Error code: DNS_PROBE_FINISHED_NXDOMAIN
How do I typeset equations in Word as pretty as LaTeX does?
Force UTF-8 on every document opened in Notepad++
replacement for Net Send
Using reverse SSH to connect two clients over one server
Increase mouse speed in Linux Mint beyond its default maximum?
How do I install the 32-bit dynamic linker on 64-bit NixOS?
How to stage git commits using meld (like git add -p)?
To edit commandline Anki flashcards in MySQL
Firefox sporadically loses ability to perform DNS lookups
OS X: LaunchDaemon not running: Service could not initialize