Posted on 11/18/2003 5:26:20 AM PST by dennisw
Knoppix Linux penetrates Windows security. Great tool to rescue/recover from Windows crash
|
These instructions were written using Knoppix version 3.2. It can be downloaded from http://www.knopper.net/knoppix/index-en.html. This document is also available online at http://www.shockfamily.net/cedric/knoppix/.
Windows just crashed. The computer won't boot back up. Those "System Recovery Disks" that came with your computer will erase all of your data. In most cases, when Windows breaks and will not start up again, none of your data has been lost, you just don't have a way to get to it. These instructions are a way of getting to your data when Windows won't work. If these instructions fail to recover your data, don't panic; even in cases of physically damaged drives, reformatted drives, and accidentally deleted files, professional data recovery companies typically have a 95 to 98% success rate.
I can not provide complete step by step for all of the methods covered because they depend on your computer's setup, so in place may need to know a little about your own computer. For this reason, it might be helpful to find the manuals, documentation, and disks that came with your computer, any documentation provided by your internet service provider or information about your network. These are certainly not required, but may be helpful.
Put the Knoppix CD in the CD drive of the computer you need to get data out of. If you have a zip drive or other removable disk drive, put a disk in the drive. Turn the computer on. Some computers will start the CD automatically, while others will act like it isn't there. If the CD boots just by putting it in your computer and turning the computer on, great. You can skip the next paragraph.
If Knoppix does not start when the computer is turned on, first try restarting the computer. If that does not work, try pressing Del, ESC, F1, or F2. One of these keys should bring up either a menu from which you can select to boot from a CD, or the BIOS configuration. In the latter case, you will need to find the "Boot Order" in the bios configuration and make the CD drive first. The documentation that came with your computer should be helpful in finding this setting.
You will see a screen that says:
KNOPPIX 3.2 ... F2 for help boot:Press Enter.
Knoppix will spend a little while detecting all of your hardware and starting up. This will take about 5 minutes. Don't panic, it is working, even if it seems like it has stalled. If you have a new computer, it certainly shouldn't take longer than 15 minutes. If it does, you may want to start over.
Once Knoppix starts you will be presented with a window that looks kind of like a web browser. There is a button with an X in the upper right hand corner of this window. Click on it; the window will close. Your screen should now look something like this:
There will be a series of icons down the left side of the screen. The ones labeled "Hard Disk Partition" are the hard drives in your computer. If you can, find one labeled "Hard Disk Partition [hda1]" or "[sda1]". If you can't, just pick the top one. This is probably the drive that is called "C:" in windows. Click on this icon. This will bring up a window that looks similar to the Windows Explorer File Manager. This window will have a directory tree view on the left, and an icon view on the right. If the drive you found is your C drive, the icon view on the right will have some icons called things like "Program Files", "winnt", "windows", "My Documents", "recycled", "Documents and Settings", etc. If you are disappointed by what is on this drive, or you get an error message, close the window and try another one.
Once you have figured out which drive is which, or at least which one is your "C:" drive or other drive that you want to get data off of, go onto the next section, which is about rescuing your data.
The "My Documents" folder is typically found in one of the following places:
Windows 2000, XP: Documents and Settings/your username/My Documents/
Windows 2000: Documents and Settings/Administrator/My Documents/
Windows XP: Documents and Settings/Owner/My Documents/
Windows NT: winnt/Profiles/your username/My Documents/
Windows NT: winnt/Profiles/Administrator/My Documents/
Windows 95, 98, ME: My Documents/
The Desktop is typically found in one of the following places:
Windows 2000, XP: Documents and Settings/your username/Desktop/
Windows 2000: Documents and Settings/Administrator/Desktop/
Windows XP: Documents and Settings/Owner/Desktop/
Windows NT: winnt/Profiles/your username/Desktop/
Windows NT: winnt/Profiles/Administrator/Desktop/
Windows 95, 98, ME: windows/Desktop/
There are a number of options in this section which you can use to rescue your data.
Floppy disks are prone to failure. Do not use them for anything other than transferring files between computers.
To recover data onto a floppy disk you need to have a floppy disk drive and a blank, formatted floppy disk. Put the disk in the drive.
Click on the "Floppy disk" icon on the desktop. This will open another file-manager type window for the floppy disk.
Go back to the window where you found your data you wish to recover. Select the files. Right click on them and select copy. Go back to the window for the floppy disk. Right click in the big area on the right and select paste.
You need a Zip Drive or some other removable disk drive and a disk to use this method of data recovery. Put the disk in the drive.
On the desktop there will be an icon labeled something like "Hard Disk Partition [hdc4]", "[hdd4]", "[sdc4]", or "[sdd4]" that corresponds to your Zip Drive. Click on it. It should open a window in which you can see the contents of the removable disk.
Go back to the window where you found your data you wish to recover. Select the files. Right click on them and select copy. Go back to the window opened for the removable disk. Right click in the big area on the right and select paste.
You might get a message that is like "Could not write to /mnt/hdc4". In this case you will need to change the properties for the removable drive.
Close the window for the removable disk. Right click on the removable drive on the desktop. This will bring up a little menu. Select "Unmount", which is about the 5th item from the bottom of the list.
Right click on the removable drive on the desktop. This will bring up the little menu again. Select the last item in the menu, "Properties". This will open a window with four tabs. Select the third tab, "Device". There is a checkbox labeled "Read only". Make sure it is unchecked, and click on Ok. See Appendix C for a picture.
Click on the removable drive icon. This will open the explorer type window again. This time you should be able to write to the disk.
Close the window for the removable disk. Right click on the removable drive on the desktop. This will bring up a little menu. Select "Unmount", which is about the 5th item from the bottom of the list. Try ejecting the disk again.
If your removable disk drive just won't work, try restarting Knoppix with a disk in the drive. Some disk drives have issues with being empty on bootup.
Burning files to a CD requires that you have two CD drives. You must have the CD drive that Knoppix was booted from and another CD drive that can write CDs.
This requires one challenging step before we can begin. Click on the in the lower left hand corner of the screen. This will bring up a menu like the Windows Start Menu. Enter the "KNOPPIX" submenu and select "Root Shell". This will open a window with a light blue prompt that reads something like
root@ttyp0[/]# |
Click on the in the lower left hand corner of the screen. This will bring up a menu like the Windows Start Menu. Enter the "System" submenu and select " K3b".
You will need to set up the CD burning software before you can use it. In the K3b "Settings" menu select "K3b Setup", the last entry. You will be asked to enter the password you entered earlier. Press Ok. I can't see the bottom of this setup wizard on my screen. Press Enter or "Next" 4 times. In step 5, press the "Add User..." button. Type "knoppix" and press "Ok". Press Enter or "Next". Getting past the last screen can be hard if your screen isn't big enough. We need to push the "Finish" button. I succeeded by moving my mouse over the border of the window so that the resize cursor was visible. Then I right clicked and a menu came up. I selected "Move" and moved the window so that the bottom portion of it was visible, then pressed "Finish"
You should be able to use the CD-Writer now.
To rescue data using e-mail you will need a working email account and an internet connection. If you are on a local area network, your internet connection should already be working. If your internet access is through a dial-up service, see Appendix A, Dial-up Networking. If your internet access is through a local area network that was not automatically configured properly, see Appendix B, Local Area Network Configuration.
Web based e-mail access is the easiest way to get email working. Open a Web Browser. You have two choices, Konqueror, and Mozilla. You can get a free e-mail account to send things through at http://mail.yahoo.com/.
It is also possible to set up Mozilla or Evolution as an e-mail client if you prefer this, harder route, or if you have files too large to send through web based e-mail.
To rescue data using Windows Networking, you need a connection to a local area network, and another computer running on the network, with a shared folder you can write to. If your local area network that was not automatically configured properly, see Appendix B, Local Area Network Configuration.
You will need to know the following information about the other computer:
Workgroup:
Username:
Password:
Computer Name:
Shared Folder:
If the computer is running windows 95, 98, or ME and does not require a password for the shared folder, the username is "guest" and the password is blank.
At this point there are two options for connecting to the computer. The first option is slightly easier, but doesn't always work; try it first. The second option is a little harder, but is rock solid.
Click on the in the lower left hand corner of the screen. This will bring up a menu like the Windows Start Menu. Enter the "Internet" submenu and select "LinNeighborhood
In LinNeighborhood find the "Options" menu and select "Browse entire network..."
Entire Network Browse If your network requires authentication just to see the list of shared folders, select "Browse as user" and enter your network username and password. Click "Ok".
LinNeighborhood should now show a list of workgroups and the computers in them like this:
Find the computer you will be copying files to and double click on it. The list should now show the shared folders on that computer. Select the shared folder you will be copying data to. Click on the "Mount" button in the upper left corner of the window.
Mount Dialog You will be presented with a window that looks like this:
Enter your username in the box labeled "SMB User:" and your password in the box labeled "SMB Password:". Click "Mount".
Now we need to open the directory that represents the shared folder on the other computer. Click on the at the bottom of the screen. This will open a file manager type window. There should be a folder called "mnt" in the icon view on the right; open it. In this folder, there should be one folder with the name of the computer you connected to; open it. In this folder, there should be one folder with the name of the shared folder you connected to; open it. This directory now represents the shared folder on the other computer.
Go back to the window where you found your data you wish to recover. Select the files. Right click on them and select copy. Go back to the window we just opened for the shared folder. Right click in the big area on the right and select paste.
Click on the in the lower left hand corner of the screen. This will bring up a menu like the Windows Start Menu. Enter the "KNOPPIX" submenu and select "Root Shell". This will open a window with a light blue prompt that reads something like
root@ttyp0[/]# |
root@ttyp0[mnt]# |
mount -t smbfs -o uid=knoppix,workgroup=Workgroup,username=Username,password=Password //Computer Name/Shared Folder /mnt/shared |
Open a new Konqueror window by clicking on the at the bottom of the screen (it is the 4th from the left). In the address bar, after where it reads X> Location: type "file:/mnt/shared/" and press enter. This window is now displaying the shared directory on the other computer.
Go back to the window where you found your data you wish to recover. Select the files. Right click on them and select copy. Go back to the window we just opened for the shared folder. Right click in the big area on the right and select paste.
To recover data onto a hard disk, you will need to have either another hard drive or hard drive partition. The hard drive will need to be installed before starting Knoppix. NTFS (Windows 2000 or XP) formatted drives or partitions will not work.
If you are copying data to another partition on the same drive, beware. Reinstalling Windows / using "System Recovery Disks" will probably DELETE your rescued files.
You will need to make the drive or partition writable to be able to copy files to it. Right click on the drive or partition on the desktop. This will bring up a little menu. Select the last item in the menu, "Properties". This will open a window with four tabs. Select the third tab, "Device". There is a checkbox labeled "Read only". Make sure it is unchecked, and click on Ok. See Appendix C for a picture.
Right click on the drive or partition icon again. If there is an item in the menu called "Unmount" select it.
Click on the icon on the desktop for the drive or partition. This will open the explorer type window again.
Go back to the window where you found your data you wish to recover. Select the files. Right click on them and select copy. Go back to the window we just opened for the drive or partition. Right click in the big area on the right and select paste.
Knoppix can be used as a temporary operating system. It has support for a wide variety of printers and other hardware. Knoppix has programs for creating and editing documents, spreadsheets, presentations, charts and drawings including those in Microsoft Office formats. It also has powerful image editing software, web browsers, e-mail clients, games, a music player, a planetarium, flowcharting and diagramming, a calculator, a persistent clipboard, and many other programs.
To use Knoppix in place of a broken windows installation, there a few things that you will find convenient. You may wish to be able to write to your hard drive (Appendix C). If you configure a printer (Appendix D) or set up a dial-up internet connection (Appendix A), you may wish to save the configuration (Appendix E). If you start using OpenOffice or a Web Browse, email client, or other program that has personal settings / configuration, you will want to create a persistent home directory (Appendix F).
OpenOffice, a free replacement for Microsoft Office, can be opened using the button at the bottom of the screen.
You can get on the internet using Konqueror or Mozilla. Mozilla, Evolution, and "Kmail" are all e-mail clients. Konqueror makes a good ftp client; type "ftp://ftp.yourhost.com/" in the address bar. There are more internet programs, such as the Aol IM client "Gaim", in the "K" menu in the submenu "Internet".
In the menu, try the addictive game "Frozen-Bubble" under "Games", the planetarium "KStars" in "Edutainment", the other "Office" programs, and the "Utilities" "KCalc" and "Klipper". "Klipper" is great if you do a lot of copying and pasting.
"The Gimp" image manipulation program is found in "Multimedia" "Graphics" (Most things in the gimp, like saving files, are done by right-clicking on the image). You can play MP3s and other audio files using "XMMS" found in "Multimedia" "Sound".
Click on the in the lower left corner of the screen. This will bring up a menu like the Windows Start Menu. Enter the "Internet" submenu. Enter the "Connect" submenu. Select "KPPP (Internet Dial-up tool)".
This will open KPPP, a dial-up internet tool.
KPPP Click on "Setup ..."
KPPP Configuration Under the "Accounts" tab click on "New..."
Create New Account Click on "Dialog Setup"
New Account Enter a "Connection Name", it can be anything. Click on the "Add..." button.
Add Phone Number Enter the phone number for your internet provider; click "Ok".
New Account Click ok.
KPPP Configuration Click on the "Device" tab. Select "Modem Device:" according to the following list:
Windows Device | Select: |
---|---|
COM 1 | /dev/ttyS0 |
COM 2 | /dev/ttyS1 |
COM 3 | /dev/ttyS2 |
COM 4 | /dev/ttyS3 |
Other Internal Modem (Rarely Works) |
/dev/modem |
KPPP Enter your "Login ID" (username) and "Password" and click "Connect".
This section covers local area networking configuration when the network is not started automatically. This is mostly for networks with static IP address assignment, typically old networks of Windows 95, 98, NT, and ME computers. Click on the in the lower left corner of the screen. This will bring up a menu like the Windows Start Menu. Enter the "KNOPPIX" submenu. Enter the "Network/Internet" submenu. Select "Network card configuration". This will open a series of dialog boxes that will request information about the network. There may be a screen asking with network card to configure; if so select one. The next screen will ask if the network settings should be configured through DHCP; click no unless your network has automatic configuration, and it failed to work the first time for a reason such as a disconnected cable. After you click no, it will ask you for an IP address. This and the subsequent settings rely on your network configuration, so I can't tell you what to do here. You can not make an NTFS formatted drive writable (sometimes used for Windows NT, 2000, XP). Close all windows and programs using files from the drive, or showing directory listings of the drive. Right click on the drive icon on the desktop, and select "Properties". This will open a little window. Select the "Device" tab. There is a checkbox labeled "Read only". Make sure it is unchecked, and click on Ok. Click on the in the lower left corner of the screen. This will bring up a menu like the Windows Start Menu. Enter the "KNOPPIX" submenu. Enter the "Configure" submenu. Select "Configure printer(s)". This will open a window called "Printing Manager". Near the top left corner of the window there is a button labeled "Add" with a little black arrow pointing down on it. Click on it. This brings up a small menu; select "Add Printer/Class". Introduction Click "Next>". Backend Selection Select "Local printer (parallel, serial, USB)". Click "Next>". Local Port Selection This screen will show a list of all the ports on your computer, and any automatically detected printers. If the printer was detected automatically, select it and click "Next>". If it wasn't, select the port it is connected to and click "Next>". Printer Model Selection Select your printer's manufacturer from the list on the left. Then select the model from the list on the right. Click "Next>". Driver Selection Select a driver for your printer. I prefer the ones that say "CUPS" or "gimp-print". Click "Next>". Printer Test If you wish, you can test your printer at this point. Click "Next>". Banner Selection Click "Next>". Printer Quota Settings Click "Next>". User Access Settings Click "Next>". General Information Enter a name for the printer. It can be anything. Click "Next>". Confirmation Click "Finish". Close the "Printing Manager" window. Your printer is now set up. If you want to save your configuration, see Appendix E. Saving configuration requires a floppy disk or a non-NTFS formatted drive. Click on the in the lower left corner of the screen. This will bring up a menu like the Windows Start Menu. Enter the "KNOPPIX" submenu. Enter the "Configure" submenu. Select "Save KNOPPIX configuration". This will bring up a little window asking what to save. Click "OK". The next window will ask where to save the configuration. I suggest the floppy drive. Click "Ok". To load the configuration the next time you run Knoppix, put the floppy disk in the drive once the "boot:" prompt appears. Instead of pressing enter, type "knoppix myconfig=scan" and press enter. Making a persistent home directory requires a non-NTFS formatted drive. Click on the in the lower left corner of the screen. This will bring up a menu like the Windows Start Menu. Enter the "KNOPPIX" submenu. Enter the "Configure" submenu. Select "Create a persistent KNOPPIX home directory". This will bring up a window with a lot of text. Click "OK". The next window will ask where to save the configuration. Select a drive and click "Ok". Click "No". Do NOT use the entire partition. The next screen asks for a size in megabytes for the persistent home directory. 30 is good. Click "Ok". Click "No". We don't need encryption. The next time you run Knoppix, put the floppy disk in the drive once the "boot:" prompt appears. Instead of pressing enter, type "knoppix home=scan" and press enter. If you want to use both a persistent home directory and a saved configuration, type "knoppix home=scan myconfig=scan" and press enter. B: Local Area Network Configuration
C: Making a drive writable
D: Printer Configuration
E: Saving Configuration
F: Persistent Home
Skeleton | Motors | Underground | Statistics | Search |
Clinton Shock: ccshockfmtc.com
Candace Shock: cshockfmtc.com
Cedric Shock: cedricshockfamily.net
Last updated Monday April 14, 2003.
View page source.
I downloaded from there and got a clean copy of Knoppix. Used the instructions for using KNOPPIX to burn to CD the info/files you need to rescue. My next step is to reinstall the XP windows to the partition and restore the files to it. XP crashed on me and found no other way than to lift the files and reinstall. I was not permitted to drag and drop onto another hard drive. Could not boot into safe mode or system restore.
Knoppix burns onto one CD and operates off this CD. You do not install it on your hard drive or computer. You put Knoppix in one CD player and use a CD burner (USB is nice!) to lift the important files
Works great.
This system has two drives. Linux lives on hdb and Win2k is on hda. LILO is on hda's boot sector. While I was setting this up, I fouled up somewhere and hda was unbootable. Getting Linux off the ground using the CD-ROM let me access hda to recover the disk's entire contents. Everything's copied to /tmp. (Yes, it was overkill to copy absolutely everything, but I had disk space to spare on the new drive.) Once the data was safely tucked away on hdb, I refomatted hda and reinstalled Win2k. Now I have all of my data and a dual boot system. (Though I almost never use Windows. : )
A friend's WinXP laptop crashed in the middle of installing SP1 for WinXP, rendering it unbootable. As the article notes, the "System Recovery Disk" supplied by some OEMs is really a "System Initialization Disk". So, I had to get the data off the hard drive first.
I used Knoppix to transfer the contents of the "Documents and Settings" folder to another system via the network. Fortunately, I never had to use the backup data: I was able to scrounge up a OEM version of Windows XP (with SP1) that allowed me to reinstall it without wiping out the system.
Windows hasn't been able to do this for 10 years.
I haven't used unix for a while but I may get make a CD and boot it up to check it out.
We had a power failure and lost the network, and in a panic he shut off his computer.
From then on, his disk was unreadable by any Microsoft machine -- his machine wouldn't boot, another IDENTICAL XP laptop wouldn't even recognize it (Microsoft licensing on XP strikes again).
Of course, the disk was readable from the ultrabay on my IBM T21 laptop running RedHat 8 so Linux was able to rescue his files. I haven't heard of knoppix before but it sounds like it might have been able to fix whatever happened to his machine...
Just this weekend I used Linux which I squirreled away in a separate partition on my kids game machine running Windows ME to overcome a parasite infestation which came in over Active-X (of course, MOZILLA isn't affected). It created files which were invisible withing Windows ME, of course, not within LINUX so I was able to delete them.
Linux is pretty damn useful in repair Windows slop...
System recovery with Knoppix <-- Link
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.