Thursday, August 10, 2006

Boot and Rescue CDs

OK.

Your Windows system (or a friend/relative's) just took a flaming nose-dive. It has been shot out of the skies and kissed the ground horribly.

Really bad. Kick a small dinosaur bad. You know what I mean. Blue screen of death. Have I reminded you there hasn't been a backup on this system for many many years?

What are you to do?

First, resist the urge to pop in your "system restore" disk. There is a good chance it will restore your system to brand-new status--and just as good a chance it will overwrite all your data and files to the land of "you're not getting that stuff back."

Assuming the hardware is fine, you have a couple of choices:

Option 1: If you have a second system handy, you can pull the hard drive out of your current system and place it into the second system as a slave drive. That should let you recover the files off the drive and save them. However, if you aren't used to dealing with jumper settings, master/slave drive numbers, BIOS configuration and opening up your PC case, this might be too scary, even though it isn't as bad as it sounds.

Option 2: Use a Boot and Rescue CD.

My early experiences were using Linux "live CD" versions to recover data from OS-damaged systems. There are tons of these things nowadays and they are all pretty easy to use. A benefit of Linux is that most Linux systems can read NTFS drives of Windows machines (though writing to them is improving, it is not as easy a process). Some Linux distributions support older hardware better than others. You download the ISO file, then burn the ISO file to a CD. Set your boot order to boot from CD before HDD and you are good to go.

My favorite Linux tool for this was the Helix CD. As an added bonus, if you place the CD in your system while Windows is running, it launches a Windows auto-run menu/tools launcher that has a number of useful tools for light forensics work, while the Linux side has heavy-duty forensics tools.

Nowadays, I live by the wonderful Bart's Preinstalled Environment (BartPE) bootable live Windows CD/DVD. If you have a Windows XP system, you really need to make a copy of this and keep it handy. This allows you to create an XP PE bootable CD or DVD that will give you an XP environment to use for file recovery and troubleshooting, without booting off your hard drive. This is worth a million dollars! It takes some time getting the hang of building this (Bart doesn't offer "pre-rolled" ISOs, so you have to do it yourself), but it is a great learning experience. And once you get the hang of making them, you can really customize the heck out of them.

Microsoft has some more information as well about this whole "Windows PE" thing Bart has based his work on.

More system rescue tools worth looking into:

RescueME CD/floppy - Ultra-portable.

Ultimate Boot CD for Windows - Based on Bart's PE system. Described by the developer as "UBCD4Win is a bootable CD which contains software that allows you to repair/restore/diagnose almost any computer problem. All software included in UBCD4Win are freeware utilities for Windows."

Anti-virus vendor Avast! offers their Avast! BartPE specialized build. Not free, but pre-packaged, packed with Avast! AV, a registry cleaner, junk file remover, a disk checker, a secure-data shredder, a registry editor, event viewer, service/driver manager, command-line tool, a file manager, and text editor. This might be a great alternative if making your own boot and rescue CD sounds too technically challenging, but you like the idea.

If you work in a corporate/Enterprise environment and the IT Tech budget has some need for spending, seriously consider purchasing Winternals Corporate Solutions ERD Commander. Now a Microsoft product, the products aren't cheap, but are really geared for recovering critical systems from OS failures. If you can't rescue the OS with these tools, there is a very strong chance you can at least rescue the data. I still carry a Winternals Emergency Rescue CD, even though Bart's PE and a few Linux disks are all the coverage I ever need. I just feel extra confident knowing I have it available.

Trinity Rescue Kit is another Linux boot/rescue CD. It can handle lots of specialized sysadmin situations. And if you are like me and like to make CD labels to match the disks, their logo looks pretty bad-assed (even if it really is just a 45-LP spacer disk). Pull this baby out and your users will think you are pretty cool, whether or not you really know what you are doing!

911 Rescue CD - A number of Rescue and Boot media offerings can be found here. Per the developer's site: "The 911 Rescue CD is the Admin's Swiss Army knife it is an integrated set of software designed for the emergency situations when the system doesn't function properly or when assembling a new PC and no pre-installed operating systems or software is found. The 911 Boot Disks are a set of startup disks based on the ModBoot framework, they have mouse-driven user interface and greatly simplify the process of setting up and recovering failed systems, and allow the user to diagnose problems and assist in the fixing steps." Give them a closer look.

Hooked?

There's a great listing of Boot Disks and Utilities over at Spyware Warrior.

Good luck!
--Claus
