USING KNOPPIX FOR DATA RECOVERY

What is Knoppix?

Knoppix is a Linux distribution which boots from a CD.

Knoppix will not make any permanent changes to the system unless you choose otherwise.

It is released under the GNU General Public Licence^* (GPL), and as such is free and can be used without any licensing restrictions.

How do I use it?

It is a complete operating system, with GUI, that runs entirely from CD. You will need to change the boot sequence to boot from CD.

General note

Using Knoppix I have successfully retrieved data from a partially failed hard disk. Knoppix cannot help if the hard disk has completely failed. – in these circumstances data recovery specialists are recommended.

Copyright

This document is Copyright by Stuart Carter © 2003, and is released under the GNU Free Document Licence (http://www.gnu.org/licenses/fdl.txt). The two screen images on this document have been downloaded from www.knoppix.net and are copyright © Knoppix.net. All trademarks, copyright, and other property are acknowledged and their use in this document is not intended as a challenge to those copy or other rights, even though copyright and intellectual property is theft. Sorry, just my opinion.

First boot

Once the system starts booting up, you will see a

boot:

prompt – hit return, and Knoppix should auto-detect all of the system hardware.

If the system you are working on is quite new (for example, the Dell Latitude D series) Knoppix may have problems detecting hardware – you may wish to consider an alternate recovery strategy for these systems.

Knoppix requires 128MB RAM to run optimally – you can run it on a system with 64MB, but it will be very slow. If using with a 64MB PC, Knoppix will prompt you to set up a swap file –128MB of swap file is recommended.

The swap file will be written to the hard drive as C:\knoppix.swp – once you have finished your data recovery you can simply delete this file.

After boot

Once you have booted into the GUI it is a good time to check and change the keyboard settings where appropriate – on the bottom right hand corner of the screen you will probably see a US flag. Right click on it, and choose Configure – you can then select UK English.

Setting up network shares

Left click on the big K^* in the bottom left hand corner of the screen, navigate to Internet, and left click on LinNeighborhood. This will start up a network browser which will be empty.

In LinNeighborhood, go to the Prefs button. Under Scan, type the name of your Windows domain or workgroup into workgroup.

Ensure that

Always scan as user

use group name on browse

use group name on mount

initial browse on startup

are all checked.

Under Miscellaneous, configure the default user (DOMAIN\username), password, and check that

use ‘RootMountDir’

is checked. Save – close.

If the network browser does not auto-populate with machine details, click

options

browse entire network.

This may take a minute or two while the network details propagate.

You will now be able to map a shared folder by using the LinNeighborhood browser.

For example, I have a shared folder on my D partition called “StuartShare”. Using LinNeighborhood, I can browse to my PC name, and left click the + sign: this shows all the shares on my machine, including the StuartShare. Left click on the share name, and choose “Mount”. This will mount the share as

/home/knoppix/mnt/(PC_Name)/(sharename)

You will understand the significance of this shortly.

On the PC desktop will be a number of icons called “Hard Disk Partition [hda{number}]” – left clicking on any of these will start up the Konqueror browser.

The hda numbers correspond to the Windows naming convention – hda1 is C:, hda2 is D:, etc.

Click on one of these icons to start up a Konqueror session, then again to open a second Konqueror session.

In the first Konqueror session, head to the Go menu – choose “home URL”. Under the Home Directory you will see Desktop, mnt, and tmp. Your PC_Name share is under the mnt folder.

In the second Konqueror browser, you can now navigate to the user’s data directories under hda(number).

Once you have done so you can copy the user files to your PC_Name mount point in the first window. Right click – copy – paste works fine, as does drag and drop.

If you get an error message that you cannot copy the files, make sure that the Windows permissions on the PC_Name share allow authenticated users full control.

Once you have finished backing up the user’s data, close out of the Konqueror browser windows, and go back to LinNeighborhood.

Right click on your mount point in the bottom sector of the window, and choose “unmount”.

Close out of LinNeighborhood, right click on the desktop, and choose “logout Knoppix”.

Confirm your logout request, and the system will shut down – it will even eject the CD for you.

Once the CD has ejected, hit return and the PC will shut down. You may wish to reboot the PC to change the boot sequence back to its original settings.

Now that the user data has been successfully backed up (or proven to be beyond recovery), you can wipe the hard disk.