Booting Linux from a Flash Drive for File Recovery
Hello again,
After a long time we are back to talk about some more cool tech stuff you can do with a USB flash drive. Today’s topic is booting Linux from a USB stick. The purpose of booting Linux from a USB drive, at least for this guide, is to recover files from a broken install of Windows, or any other OS for that matter. We can also run virus scans from the Linux distro securely, without infecting other PCs or having to boot the infected PC.
What you will need:
- A USB stick anywhere from 512 MB to 2 GB (depending on the distro)
- A motherboard capable of booting from a USB device.
- About 15 minutes, plus download time.
Software to be used:
- Latest stable version of UNetbootin.
Step #1: Prepare the USB Drive
Once you have all your materials together, go ahead and plug the USB drive in and back up any files you may have on it.
Step #2: Installing to The USB
Start up UNetbootin and select the following:
- Use the first radio button “Distribution”. This will download and install, automatically, the distro we want.
- Pick SystemRescueCD. We are going with this because it is easy: the NTFS file system driver comes prepackaged, so no additional customization is required.
- Next select your flash drive.
NOTE: Be sure to select your flash drive and not your Windows partition or primary partition, ’cause if you do then you will destroy the currently installed OS.
- Finally click “Ok”.
Step #3: Configuring Bios
We will need to set up your computer to boot from the USB stick. To do so, first your motherboard will need to support this feature, and second you will need to do some configuration.
- Reboot your computer and hit “F2” or “del”, depending on your motherboard, to enter BIOS config.
- Search for the section labeled boot sequence, or named similarly. This will sometimes be filed under a separate section like advanced BIOS features, or similar.
- Move removable or USB to the top of the list. If you do not see these options listed, your motherboard most likely does not support USB boot. Consult Google for more info on this.
- Reboot the computer with the drive plugged in.
Step #4: Booting Linux
We are going to boot into the command line for this guide. There are options to load a GUI for those of you who tremble in the face of the CLI. I must warn you though, the command line is by far easier and faster.
- Once your computer passes POST you will see the boot loader screen. Navigate to “VMLinuz64” and hit enter.
After a bunch of OK’s on the screen and most likely 1 red FAIL you will be at the prompt “root@sysresccd /root %”. This would indicate a success.
Step #5: Copying files from a Windows partition onto an external hard disk.
For this you will need an external medium to move your files onto; have this ready to receive your data. You can also use the USB stick which you booted from, if of course there is enough space on it.
- First we will need to identify our drives. I will assume you have two storage devices plugged in, one being the flash drive and the other your Windows hard drive. Execute the command below:
fdisk -l | less
NOTE: If you choose another Linux distro, less may not be available; in that case you may omit “ | less”.
This command will show you all the storage devices on your system. Use the down and up arrows to navigate the output as it may be larger than your screen. My output for this command is shown below:
Disk /dev/sda: 160.0 GB, 160000000000 bytes
255 heads, 63 sectors/track, 19452 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xd0f4738c

Device     Boot  Start    End     Blocks  Id  System
/dev/sda1  *         1  19451  156240126   7  HPFS/NTFS

Disk /dev/sdb: 2085 MB, 2085617664 bytes
2 heads, 63 sectors/track, 32329 cylinders
Units = cylinders of 126 * 512 = 64512 bytes
Disk identifier: 0x00502bcd

Device     Boot  Start    End     Blocks  Id  System
/dev/sdb1  *         1  32330    2036720   6  FAT16

My device is a 160 GB NTFS partition. Knowing those two bits of info we can take an educated guess and say /dev/sda1 is the partition on the Windows hard disk that we want to mount; the whole disk can be referenced by /dev/sda. Using /dev/sda in a mount command will most likely fail; you will need to use /dev/sda1.
NOTE: To exit this output screen press “q”.
- Mount the Windows drive so that we can access the files on it. Run the mount command below:
mount /dev/sda1 /mnt/windows
NOTE: You will need to replace “/dev/sda” with your device found from the output of fdisk -l. It is likely though that they will be the same. Also note that mount will fail if you attempt to mount to a folder that doesn’t exist.
If you want full read/write capability for the Windows hard disk and are using the SystemRescueCD distro, run the following command:
ntfs-3g /dev/sda1 /mnt/windows
This command will also work on other distros if you have ntfs-3g included/installed.
- Let’s find out if we mounted the right device now. Run:
ls /mnt/windows
This command will list the files and folders in a directory. If you see the telltale Program Files and WINDOWS directories, it was successfully mounted.
- Time to get our backup device out. Plug it in and wait a few seconds then run the fdisk command again:
fdisk -l
or
cat /proc/partitions
NOTE: Running “cat /proc/partitions” will list all partitions. Be sure to mount the correct partition on the device. Usually these are /dev/sdc1 or /dev/sde1 and not /dev/sdc or /dev/sde.
Names not followed by numbers are usually the device itself and therefore cannot be mounted. Below is the output of “cat /proc/partitions”; our backup device is /dev/sdc1. All devices are stored in /dev/, therefore we know that the location of the ones in the list below is /dev/xxx.

major minor  #blocks    name
8     0      168234527  sda
8     1      156240126  sda1
8     16     2086584    sdb
8     32     2036720    sdb1
8     48     244198584  sdc
8     49     238155561  sdc1

You should see both devices you saw last time, and now a new one should be there. Match the size of the device to yours and note the device location, most likely /dev/sdc.
Mount this device to the pre-made backup folder using the mount command again:
mount /dev/sdc1 /mnt/backup
- Now it is time to copy things from the old windows drive to the backup disk.
If you want to copy your entire Windows drive to your backup drive, run this command:
cp -R /mnt/windows/* /mnt/backup/YOUR_FOLDER_NAME
If you plan on copying single files, type the full file path and then the full destination path.
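The before-and-after comparison of /proc/partitions used in this step to spot the backup disk can be scripted. This is an added example, not part of the original guide; the function names are hypothetical and the sample snapshots are constructed from the listing shown above.

```shell
#!/bin/sh
# Added example (not from the original guide). On a live system:
#   cat /proc/partitions > /tmp/before   (plug in the disk, wait a few seconds)
#   cat /proc/partitions > /tmp/after
#   new_partitions /tmp/before /tmp/after

# Print "/dev/NAME SIZE_MiB" for every sdXN/hdXN/vdXN partition listed in
# snapshot $2 but not in snapshot $1. Whole disks (sda, sdb, ...) are skipped
# because they cannot be mounted. The #blocks column is in 1 KiB units.
new_partitions() {
    awk '
        FNR == 1 { file++ }                           # count which snapshot we are in
        $4 !~ /^[shv]d[a-z]+[0-9]+$/ { next }         # header, blank line, whole disks
        file == 1 { seen[$4] = 1; next }              # remember the "before" partitions
        !($4 in seen) { printf "/dev/%s %d\n", $4, $3 / 1024 }
    ' "$1" "$2"
}

# Constructed sample: the listing from this guide, before and after /dev/sdc.
demo_new_partitions() {
    dir=$(mktemp -d)
    cat > "$dir/before" <<'EOF'
major minor  #blocks  name

   8        0  168234527 sda
   8        1  156240126 sda1
   8       16    2086584 sdb
   8       32    2036720 sdb1
EOF
    cp "$dir/before" "$dir/after"
    cat >> "$dir/after" <<'EOF'
   8       48  244198584 sdc
   8       49  238155561 sdc1
EOF
    new_partitions "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo_new_partitions
```

The partition it reports is the one to pass to mount; if it prints nothing, the new disk has no partition the kernel recognised.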
Additional Useful Commands:
- Sometimes a virus can infect the very first bit of code that is executed on your system, the MBR (Master Boot Record). Luckily we can clean this up with relative ease in Linux. Execute:
dd if=/dev/zero of=/dev/sdb bs=512 count=1
Remember to replace “/dev/sdb” with your device, because if you miss and clean the wrong one you may have some issues. In this case we want the actual device and not a partition on the device, so we are selecting /dev/sdb and not /dev/sdb1, since writing to /dev/sdb1 wouldn’t start at block #0. Note that this first 512-byte sector also holds the disk’s partition table, so the command erases that along with the boot code.
- Maybe you do not have an external device to back stuff up to, but you have another computer with a network share. Well, let’s mount that network share so we can copy files to it. Create a mount point:
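A narrower variant of the dd command above, as an added example that is not part of the original guide: it saves the sector first and zeroes only the 446 bytes of boot code. The function names are hypothetical, and the demo runs on a constructed disk image rather than a real device.

```shell
#!/bin/sh
# Added example (not from the original guide). DISK is a disk image here; on
# real hardware it would be the whole disk, e.g. /dev/sdb, never a partition.

# Save the first 512-byte sector (boot code + partition table + signature).
backup_mbr() {      # $1=disk  $2=backup file
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

# Zero only bytes 0-445, the boot code area. The partition table (446-509) and
# the 0x55AA signature (510-511) stay, so the partitions remain mountable.
wipe_boot_code() {  # $1=disk
    dd if=/dev/zero of="$1" bs=446 count=1 conv=notrunc 2>/dev/null
}

# Put a saved sector back if the wipe turned out to be a mistake.
restore_mbr() {     # $1=backup file  $2=disk
    dd if="$1" of="$2" bs=512 count=1 conv=notrunc 2>/dev/null
}

# Hex of $3 bytes at offset $2 in file $1, for checking the result.
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# Constructed sample image: 446 bytes of 'X' as fake boot code, 64 bytes of
# 'P' as a fake partition table, the signature, then one empty sector.
make_sample_image() {   # $1=image path
    {
        dd if=/dev/zero bs=446 count=1 2>/dev/null | tr '\0' 'X'
        dd if=/dev/zero bs=64 count=1 2>/dev/null | tr '\0' 'P'
        printf '\125\252'
        dd if=/dev/zero bs=512 count=1 2>/dev/null
    } > "$1"
}

demo_mbr() {
    dir=$(mktemp -d)
    make_sample_image "$dir/disk.img"
    backup_mbr "$dir/disk.img" "$dir/mbr.bak"
    wipe_boot_code "$dir/disk.img"
    echo "code=$(hex_at "$dir/disk.img" 0 4) table=$(hex_at "$dir/disk.img" 446 2) sig=$(hex_at "$dir/disk.img" 510 2)"
    rm -rf "$dir"
}

demo_mbr
```

Keep the backup file on the external disk or the network share, not on the disk being cleaned.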
mkdir /mnt/network
Mount the share:
mount -t smbfs //computername/folder /mnt/network -o username=user1,password=mypasshere
Now you can copy and move files to the network share just like any other directory.
To mount a share without a password use:
mount -t smbfs //computername/folder /mnt/network
- For now this little section is finished, although I am sure there will be additional things added as people leave comments.
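A password given with -o password=... is visible in the process list and the shell history, so the share can be mounted from a credentials file instead. This is an added example, not part of the original guide: the function names and the /root/.smbcred path are hypothetical, and it assumes the rescue system provides mount.cifs (cifs being the successor to smbfs on current kernels).

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes mount.cifs is available.

# Ask for the password without echoing it, so it is never typed on a command line.
prompt_password() {
    printf 'SMB password: ' >&2
    stty -echo; IFS= read -r pw; stty echo
    printf '\n' >&2
    printf '%s' "$pw"
}

# Write a credentials file that only its owner can read. An existing file is
# emptied and tightened to 0600 before the password is written into it.
write_smb_credentials() {   # $1=file  $2=username  $3=password
    ( umask 077
      : > "$1" && chmod 600 "$1" &&
      printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
}

# Mount the share using the file instead of -o username=...,password=...
mount_share() {             # $1=//computername/folder  $2=mount point  $3=credentials file
    mkdir -p "$2" &&
    mount -t cifs "$1" "$2" -o "credentials=$3"
}

# Usage on the rescue system:
#   write_smb_credentials /root/.smbcred user1 "$(prompt_password)"
#   mount_share //computername/folder /mnt/network /root/.smbcred
```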
Until Next Time
-Nick