Chapter 4. System Recovery

Table of Contents

Windows XP Recovery
Using a DVD+RW Drive

The Network Security Toolkit has a full set of system recovery tools.

Windows XP Recovery

My neighbors had the unfortunate experience of having the sewer back up into their basement. Their Gateway 300S system happened to be on the floor and ended up sitting in three inches of water. Not being the best at protecting their data, they asked if I could help in trying to recover it. The general steps in the process involved the following:

  • They brought the disabled system down to my house (just the CPU unit).

  • They did not know how to open the case. I had to go to Gateway's web site to discover the trick. It's actually a nice design once you understand how it works (you can remove a hard disk from one of these systems in less than a minute).

  • I removed the hard disk from the system, wiped it off with a rag, and tried to dry it with a hair dryer. I then let it sit for 24 hours.

  • I connected a power cord to the CPU unit, installed the now-dry hard disk, connected an Ethernet cable and inserted the Network Security Toolkit bootable CD in the CDROM drive.

  • I crossed my fingers and booted the system.

  • By looking at the /var/log/messages log file on my DHCP server, I determined that the system had indeed booted and been assigned the IP address of 192.168.0.48.

  • Using my work system (running Fedora 40), I then used the following set of commands to remotely create an ISO image of what my best guess was of the user documents on my neighbors' system:

    [root@rice root]# ssh root@192.168.0.48 mount -t ntfs -r \
    /dev/hda1 /mnt/ntfs
    root@192.168.0.48's password:
    /usr/X11R6/bin/xauth:  creating new authority file /root/.Xauthority
    [root@rice root]# (ssh root@192.168.0.48 mkisofs -m "*Temporary*" -J \
    "/mnt/ntfs/Documents\ and\ Settings") > /lan/tmp/xp.iso
    root@192.168.0.48's password:
    ...Warning messages about file names that had to be changed...
      5.90% done, estimate finish Tue Sep  9 14:23:20 2003
     11.80% done, estimate finish Tue Sep  9 14:23:12 2003
     17.67% done, estimate finish Tue Sep  9 14:23:03 2003
     23.56% done, estimate finish Tue Sep  9 14:23:03 2003
     29.45% done, estimate finish Tue Sep  9 14:23:07 2003
     35.35% done, estimate finish Tue Sep  9 14:23:06 2003
     41.24% done, estimate finish Tue Sep  9 14:23:06 2003
     47.12% done, estimate finish Tue Sep  9 14:23:03 2003
     53.02% done, estimate finish Tue Sep  9 14:23:05 2003
     58.90% done, estimate finish Tue Sep  9 14:23:05 2003
     64.80% done, estimate finish Tue Sep  9 14:23:05 2003
     70.68% done, estimate finish Tue Sep  9 14:23:08 2003
     76.58% done, estimate finish Tue Sep  9 14:23:10 2003
     82.47% done, estimate finish Tue Sep  9 14:23:16 2003
     88.35% done, estimate finish Tue Sep  9 14:23:16 2003
     94.24% done, estimate finish Tue Sep  9 14:23:15 2003
    Total translation table size: 0
    Total rockridge attributes bytes: 0
    Total directory bytes: 1667072
    Path table size(bytes): 12382
    Max brk space used 1e9000
    84896 extents written (165 Mb)
    [root@rice root]# cdrecord -eject -v /opt/tmp/xp.iso
    Cdrecord 2.0 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling
    TOC Type: 1 = CD-ROM
    scsidev: '0,0,0'
    scsibus: 0 target: 0 lun: 0
    Linux sg driver version: 3.1.24
    Using libscg version 'schily-0.7'
    atapi: 1
    Device type    : Removable CD-ROM
    Version        : 0
    Response Format: 2
    Capabilities   :
    Vendor_info    : 'ATAPI   '
    Identifikation : 'CD-RW 52X24     '
    Revision       : 'F.FZ'
    Device seems to be: Generic mmc CD-RW.
    Using generic SCSI-3/mmc CD-R driver (mmc_cdr).
    Driver flags   : MMC-3 SWABAUDIO BURNFREE FORCESPEED
    Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
    FIFO size      : 4194304 = 4096 KB
    Track 01: data   165 MB
    Total size:      190 MB (18:51.97) = 84898 sectors
    Lout start:      190 MB (18:53/73) = 84898 sectors
    Current Secsize: 2048
    ATIP info from disk:
      Indicated writing power: 4
      Is not unrestricted
      Is not erasable
      Disk sub type: Medium Type A, high Beta category (A+) (3)
      ATIP start of lead in:  -11849 (97:24/01)
      ATIP start of lead out: 359848 (79:59/73)
    Disk type:    Long strategy type (Cyanine, AZO or similar)
    Manuf. index: 25
    Manufacturer: Taiyo Yuden Company Limited
    Blocks total: 359848 Blocks current: 359848 Blocks remaining: 274950
    Forcespeed is OFF.
    Starting to write CD/DVD at speed 24 in real TAO mode for single session.
    Last chance to quit, starting real write    0 seconds. Operation starts.
    Waiting for reader process to fill input buffer ... input buffer ready.
    BURN-Free is OFF.
    Performing OPC...
    Starting new track at sector: 0
    Track 01:  165 of  165 MB written (fifo 100%) [buf  96%]  23.9x.
    Track 01: Total bytes read/written: 173867008/173867008 (84896 sectors).
    Writing  time:   62.441s
    Average write speed  18.1x.
    Min drive buffer fill was 96%
    Fixating...
    Fixating time:   14.950s
    cdrecord: fifo had 2739 puts and 2739 gets.
    cdrecord: fifo was 0 times empty and 1844 times full, min fill was 84%.
    [root@rice root]# 
    

  • At this point, I took out the freshly burned CD, labeled and dated it, and put it in a sleeve to give back to my friends, along with advice on delegating the currently working system as a backup/kid games system (I don't think it's wise to count on an IDE hard drive that has had a sewer bath).

  • The amazing thing about this is that it will take me longer to explain to my friends (who are "click and guess" computer users) how to find their files and copy them back to their hard drive than it actually took to create the backup using the Network Security Toolkit.
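
Integrity checks that fit around the capture and burn steps above, as an added example that is not part of the original write-up: the capture fails if the remote command fails or the image is not a whole number of 2048-byte sectors, and the burned disc is read back sector-for-sector and compared against the image's SHA-256. The function names and the /dev/cdrom device are assumptions; the host and paths in the usage comment are taken from the session above.

```shell
#!/bin/sh
# Added example (not from the original page): integrity checks around the
# capture-and-burn steps. Function names and /dev/cdrom are assumptions.

SECTOR=2048   # ISO 9660 sector size (cdrecord reports "Current Secsize: 2048")

# capture_image OUTFILE CMD [ARGS...]
# Run CMD (for example the ssh ... mkisofs command) with stdout sent to OUTFILE.
# Fails if CMD fails, or if the result is empty or not a whole number of
# sectors, which is what a dropped ssh session or a dying disk can leave behind.
capture_image() {
    out=$1; shift
    "$@" > "$out" || { echo "capture command failed" >&2; return 1; }
    size=$(( $(wc -c < "$out") ))
    [ "$size" -gt 0 ] && [ $((size % SECTOR)) -eq 0 ] || {
        echo "image size $size is not a multiple of $SECTOR" >&2; return 1; }
}

# image_digest FILE: print the SHA-256 of FILE (keep it with the labeled disc).
image_digest() {
    sha256sum < "$1" | cut -d' ' -f1
}

# verify_copy IMAGE DEVICE
# Read back exactly as many sectors as the image holds (a raw optical device
# can return extra sectors or read errors past the end of the data) and
# compare the digest of what was read with the digest of the image.
verify_copy() {
    sectors=$(( $(wc -c < "$1") / SECTOR ))
    want=$(image_digest "$1")
    got=$(dd if="$2" bs=$SECTOR count="$sectors" 2>/dev/null \
          | sha256sum | cut -d' ' -f1)
    [ "$want" = "$got" ]
}

# Use with the session shown above (left commented out; needs the real hosts):
#   capture_image /lan/tmp/xp.iso ssh root@192.168.0.48 \
#       mkisofs -m "*Temporary*" -J "/mnt/ntfs/Documents\ and\ Settings"
#   image_digest /lan/tmp/xp.iso > /lan/tmp/xp.iso.sha256
#   cdrecord -eject -v /lan/tmp/xp.iso        # then reload the disc
#   verify_copy /lan/tmp/xp.iso /dev/cdrom && echo "disc matches image"
```

For the image in the session above, the read-back covers 84896 sectors, the same count that mkisofs and cdrecord both report.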