Recovering Data from Windows systems by using Linux

We have all run into cases where Windows fails to load for one reason or another. The problem may be hardware or a software failure, and the problem may seem to be irrecoverable. Yet often Linux can be used to help recover data that otherwise might be lost. Another application of using Linux recovery is in the creation of disk images for post-mortem analysis of security breaches. While such images are not created according to forensics standards (which usually requires special hardware) and would not be likely to be of help in legal cases, they are helpful in internal reviews following such incidents.

Note: The paper represents testing and documentation in a lab environment. User Account Control (UAC) is an essential security component to Windows and Microsoft does not recommend turning off UAC in production environments.

Download: Linux Recovery White Paper
News source: Port 25

Report a problem with article
Previous Story

Microsoft sends out Windows Live Messenger 9.0 beta invites

Next Story

How I Use Outlook - 7 Tips

8 Comments

Commenting is disabled on this article.

It's what i have been trying to do during the last days, recover some documents from an NTFS windows xp harddisk that has been damaged, still no luck..
I already used the dd, ddrescue, dd_rescue but all stops when the bad sectors area is near.... still looking for solution

done something similar to this a few times when my storage drive has lost the the partition on the drive and windows doesnt see it , boot up into linux and it see's it cos of the ability to read raw data , saved a fair few gigs using fedora to back the stuff up with

User Account Control (UAC) is an essential security component to Windows and Microsoft does not recommend turning off UAC in production environments.

If it's so essential maybe they should have done a better job designing it. I remember during the betas they asked what people thought of it. They (most replies I saw on the beta site) said they hated it. Microsoft basically replied "too bad" and did it anyway. Why bother asking if you're not going to listen?

"Published by the Open Source Software Lab at Microsoft"

This document sends out a lot of signals, both good and bad. :ponder:

But what's the point? I mean, this is paper presents nothing new. It says in the doc that one needs to be familiar with the linux terminal / commands. If one is already familiar with linux commands, why would they be reading this doc in the first place? Those people would either already know how to make an image, or they would atleast have enough skill to use Knoppix / SystemRescueCd / partimage etc to create an image.

And eight pages in a nice polished pdf, just to say "bash# dd if=[device] of=[imagename]conv=noerror" ?!

What's the point? I'm not exactly sure, either. These documents are already all over the web.

Maybe they are just warming up to write a new article: How to Recover Your Linux Install from a Windows LiveCD ? I don't think a single article about that exists yet.

markjensen said,
What's the point? I'm not exactly sure, either. These documents are already all over the web.

Maybe they are just warming up to write a new article: How to Recover Your Linux Install from a Windows LiveCD ? I don't think a single article about that exists yet.

Linux can read and write to Windows drives, but not the other way around.

Foub said,

Linux can read and write to Windows drives, but not the other way around.

There are file system drivers that allow read and write access to ext2 and ext3 partitions/drives. EXT2IFS for 2k/XP and should work on Vista with a few extra steps involved.