[K12OSN] OT: Damn Small Linux (DSL) Question

ssanders at coin.org ssanders at coin.org
Thu May 4 04:23:27 UTC 2006 

I am a tremendous fan of bootable Debian/Knoppix live CD's. DSL is great
for older systems that do not have much RAM. You can switch to root in
DSL from a terminal window with:  
sudo su 
no password needed. Some apps ask you for a root PW. As root in a
terminal, just enter  passwd  and you will be prompted to create/change
the password. Now you can run whatever app was needing root permissions.

I forget what the name of the file manager app is in DSL, but I once
figured it out, then ran it as root from a terminal, and I wasn't as
limited in whatever it was I was trying to do at the time.

Some Knoppix variants give you a root terminal window with Ctl-Alt F2 it
seems (haven't tried that in awhile).

Writing to NTFS from Linux has traditionally been dangerous. Recent
Knoppix discs would let you write a file *back* to NTFS, but not create
or write a filesize that was different. Very latest versions (Knoppix
4.0.2 or so) have CaptiveNTFS which allegedly has full NTFS write
access. I have honestly never used it, but I understand one of the basic
problems is Microsoft's proprietary drivers have been hard to reverse
engineer accurately and safely. CaptiveNTFS uses the Microsoft drivers
residing on the HD of the machine you have booted to, so no need for the
distribution legal problems. This is assuming the filesystem in intact
enough for you to use it.

Knoppix discs with KDE usually have desktop icons for the partitions it
finds. You can mount them for viewing and read/write (right-click, look
for Actions, I think) graphically from the desktop.

But if you are trying to rescue a borken Windows machine, why risk
anything? Data never seems so valuable as when you know it's on there,
but the box won't boot! You mention using external USB disks and keys to
rescue information, this is the absolute best way to go. To make it
easy, the rescue media should be formatted FAT32, that way it's easy to
read/write with both Linux and Windows. 

If you can sudo su in DSL and get the file manager running as root, that
may be easiest. Otherwise you would have to manually mount the rescue
drive with something like this:

root at knoppix# mount -t ext3 -o rw /dev/hda5 /mnt/hda5

(I just used ext3 because I can't remember what the correct Windows one
is). I rarely manually mount Windows disks for rescue anymore, I usually
use external HD/USB key or FTP to another system using Midnight
Commander. It's on most Knoppix discs, it's like the old DOS Norton
Commander on steroids!

You can first view all the recognized partitions with:

cat /etc/fstab

I did a simple Flash tutorial on doing this, using http://s-t-d.org (a
security-based Knoppix, based on the old 3.2 version):
http://204.202.9.122/~ssanders/index2.html

There was no need to manually mount the drive, and in this example I
used one of the two panes of Midnight Commander to be an FTP link to
another machine on my network. It could have just as easily (easier,
probably) to make that pane another drive or USB key.

If the data is critical and/or the hardware may be failing, the most
important to do is first image the drive onto another one. With NEITHER
DRIVE MOUNTED, run dd like this:

dd if=/dev/hda of=/dev/hdb

The if parameter is always the source drive (the one you are trying to
rescue) DO NOT MIX THE if AND of PARAMETERS! You will have just
destroyed your data with a perfect copy of a blank HD....

Leaning towards digital forensics methods, you can use the dd command
with switches to make the copied drive an image file, and tell it to not
stop on errors (like a badly damaged drive). Setting the blocksize to a
larger value than the default 512 can help performance as well:

dd if=/dev/hda of=rescued_disk.img bs=65536 conv=noerror,sync
 
/dev/hdb (or rescued_disk.img) now is a perfect clone of the original. I
have recovered literally hundreds of gigs of data using Knoppix discs.
Ironically, the biggest failure I had was trying it on a recent K12LTSP
server! The Logical Volume Management filesystem does not (easily) work
well with Knoppix. Any Windows machine is fairly simple to rescue using
combinations of these methods.

Since hard drives are so cheap now, I have come to greatly prefer a USB
drive. No more opening strange cases and futzing around with drive
jumpers to allow a new drive, or on old PC's having a drive that the
BIOS perhaps won't recognize properly. 

It's pretty easy to get a Windows box so mangled up that it won't boot,
but the data is still there. Be sure to virus-scan possibly infected
files before restoring them on another Windows machine! True
data-recovery companies get hundreds of dollars per hour to get data
from damaged drives. This stuff is magic to Joe Average Windows User,
and Linux makes it fairly easy.

More information about the K12OSN mailing list