Booting Linux from a Flash Drive for File Recovery

by Nick on December 22nd, 2009

Hello again,

After a long time we are back to talk about some more cool tech stuff you can do with a USB flash drive. Todays topic will focus on booting the linux OS from a USB stick. The purpose for booting linux from a USB drive, at least the purpose of this guide, is to recover files from a broken install of the windows OS or any other OS for that matter. We can also run virus scans from the linux distro securely without infecting other pc’s or having to boot the infected pc.

What you will need:

  • A USB stick anywhere from 512mb to 2GB (Depending on the distro)
  • A main board capable of booting from a usb device.
  • and about 15 minutes plus download time.

Software to be used:

Step #1: Prepare the USB Drive

Once you have all your materials together go ahead and plug the USB drive in and backup all files you may have on the disk.

Step #2: Installing to The USB

Start up UNetbootin and select the following:

  1. Use the first radio button “Distribution”. This will download and install, automatically, the distro we want.
  2. Pick SystemRescueCD. We are going with this because it is easy the ntfs file system driver comes prepackaged so no additional customization is required.
  3. Next select your flash drive.
    NOTE: Be sure to select your flash drive and not your windows partition or primary partition, ’cause if you do then you will destroy the currently installed OS.
  4. Finally click “Ok”.
UNetbootin options to select

UNetbootin options to select

Step #3: Configuring Bios

We will need to setup your computer to boot from the usb stick. To do so first you mother board will need to support this feature and second you will need to do some configuration.

  1. Reboot your computer and hit “F2” or “del” depending on your mother board to enter BIOS config.
  2. Search for the section labeled boot sequence, or named similarly. This will sometimes be filed under a separate section like advanced BIOS features, or similar.
  3. Move removable or usb to the top of the list. If you do not see these options listed your mother board most likely does not support USB boot. Consult google for more info on this.
  4. Reboot the computer with the drive plugged in.

Step #4: Booting linux

We are going to boot into command line for this guide. There are options to load a GUI for those of you who tremble in the face of CLI. I must warm you though Command Line is by far easier and faster.

  1. Once your computer passes post you will see the boot loader screen. Navigate to “VMLinuz64” and hit enter.

After a bunch of OK’s on the screen and most likely 1 red FAIL you will be at the prompt “root@sysresccd /root %”. This would indicate a success.

Step #5: Copying files from a windows partition onto an external hard disk.

For this you will need an external medium on which to move your files have this ready to receive your data. You can also use the usb stick which you booted from, if of course there is enough space on it.

  1. First we will need to identify our drives. I will assume you have two storage devices plugged in one being the flash drive and the other your windows hard drive. Execute the command below:
    fdisk -l | less

    NOTE: If you choose another distro of linux less may not be available, you may omit ” | less” in such case.

    This command will show you all the storage devices on your system. Use the down and up arrows to navigate the output as it may be larger than your screen. My output for this command is shown below:

    Disk /dev/sda: 160.0 GB, 160000000000 bytes
    255 heads, 63 sectors/track, 19452 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Disk identifier: 0xd0f4738c
     Device      Boot      Start      End      Blocks       Id   System
    /dev/sda1    *         1          19451    156240126    7    HPFS/NTFS
    Disk /dev/sdb: 2085 MB, 2085617664 bytes
    2 heads, 63 sectors/track, 32329 cylinders
    Units = cylinders of 126 * 512 = 64512 bytes
    Disk identifier: 0x00502bcd
    Device       Boot      Start      End      Blocks     Id   System
    /dev/sdb1    *         1          32330    2036720    6    FAT16

    My device is 160GB NTFS partition. Knowing those two bits of info we can take an educated guess and say /dev/sda1 is our partition on the windows hard disk that we want to mount, the whole disk can be referenced by /dev/sda. Using /dev/sda in a mount command will most likely fail, you will need to use /dev/sda1.

    NOTE: To exit this output screen press “q”.

  2. Mount the windows drive so that we can access the files on it. Run the mount command below:
    mount /dev/sda1 /mnt/windows

    NOTE: you will need to replace “/dev/sda” with your device found from the output of fdisk -l. It is likely though that they will be the same. Also note that mount will fail if you attempt to mount to a folder that doesn’t exist.

    If you want full read write capability for the windows hard disk and are using SystemRescueCD distro run the following command:

    ntfs-3g /dev/sda1 /mnt/windows

    This command will also work on other distros if you have ntf-3g included/installed.

  3. Lets find out if we mounted the right device now. Run:
    ls /mnt/windows

    This command will list the files and folders in a directory. If you see the tell tale Program Files and WINDOWS directories it was successfully mounted.

  4. Time to get our backup device out. Plug it in and wait a few seconds then run the fdisk command again:
    fdisk -l


    cat /proc/partitions

    NOTE: Running “cat /proc/partitions” will list all partitions. Be sure to mount the correct partition on the device. Usually these are /dev/sdc1 or /dev/sde1 and not /dev/sdc or /dev/sde.

    Partitions not followed by numbers are usually the device itself and therefor cannot be mounted. Bellow is the output of “cat /proc/partitions” our backup device is /dev/sdc1. All devices are stored in /dev/ therefor we know that the location of the ones in the list below are /dev/xxx.

    major minor  #blocks  name
     8     0  168234527  sda
     8     1  156240126  sda1
     8    16    2086584  sdb
     8    32    2036720  sdb1
     8    48  244198584  sdc
     8    49  238155561  sdc1

    You should see both devices you saw last time and now a new one should be there. Match the size of the device to yours and note the device location most likely /dev/sdc.
    Mount this device to the pre-made backup folder using the mount command again:

    mount /dev/sdc1 /mnt/backup
  5. Now it is time to copy things from the old windows drive to the backup disk.
    If you want to copy your entire windows drive to your back up drive run this command:

    cp -R /mnt/windows/* /mnt/backup/YOUR_FOLDER_NAME

    If you plan on copy single files type the full file path and then the full destination path.

Additional Useful Commands:

  • Sometimes a virus can infected the very first bit of code that is executed on your system the MBR (Master Boot Record). Luckily we can clean this up with relative ease in linux. Execute:
    dd if=/dev/zero of=/dev/sdb bs=512 count=1

    Remember to replace “/dev/sdb” with your device cause if you miss and clean the wrong one you may have some issues. In this case we want the actual device and not a partition on the device so we are selecting /dev/sdb and not /dev/sdb1 since writing to /dev/sdb1 wouldn’t start at block #0.

  • Maybe you do not have an external device to back stuff up but you have another computer with a network share. Well lets mount that network share so we can copy files to it. Create a mount point:
    mkdir /mnt/network

    Mount the share:

    mount -t smbfs //computername/folder /mnt/network -o username=user1,password=mypasshere

    Now you can copy and move files to the network share just like any other directory.
    To mount a share without a password use:

    mount -t smbfs //computername/folder /mnt/network
  • For now this little section is finish although I am sure there will be additional things added as people leave comments.

Until Next Time


Leave a Reply

Note: XHTML is allowed. Your email address will never be published.

Subscribe to this comment feed via RSS