Archive for the ‘Restore’ Category

Recovery Console

Posted: January 7, 2010 in Networking, Restore, System Information
Tags: , ,
3

The Recovery Console is a feature of the Windows 2000, Windows XP and Windows Server 2003 operating systems. It provides the means for administrators to perform a limited range of tasks using a command line interface. Its primary function is to enable administrators to recover from situations where Windows does not boot as far as presenting its graphical user interface. As such, the Recovery Console can be accessed either through the original installation media used to install Windows, or it can also be installed to the hard drive and added to theNTLDR menu.

The recovery console has a simple command line interpreter. Many of the available commands closely resemble the command-line commands that are normally available on Windows, namely attrib, copy, del, and so forth.

From the recovery console an administrator can:

  • create and remove directories, and copy, erase, display, and rename files
  • enable and disable services (which modifies the service control database in the registry, to take effect when the system is next bootstrapped)
  • write a new Master Boot Record to a disc, using the fixmbr command
  • write a new Volume Boot Record to a volume, using the fixboot command
  • format volumes
  • expand files from the compressed format in which they are stored on the installation CD-ROM
  • perform a full CHKDSK scan to repair corrupted disks and files, especially if the computer cannot be started properly

Filesystem access on the recovery console is by default severely limited. An administrator using the recovery console has only read-only access to all volumes except for the boot volume, and even on the boot volume only access to the root directory and to the Windows system directory (e.g. \WINNT). This can be changed by changing Security Policies to enable read/write access to the complete file system including copying files from removable media (i.e. floppy drives).

Although it appears in the list of commands available by using the help command, and in many articles about the Recovery Console (including those authored by Microsoft), the netcommand is not available. No protocol stacks are loaded, so there is no way to connect to a shared folder on a remote computer as implied.

Advertisement

Types of Backup

Posted: January 7, 2010 in Networking, Restore, System Basics, System Information
Tags: , , ,
0

Normal—Backs up the files you select, and marks the files as backed up.

Incremental—Backs up the files that changed since the last backup, and marks the files as backed up.

Differential—Backs up the files that changed since the last backup, but doesn’t mark the files as backed up.

Copy—Backs up the files you select, but doesn’t mark the files as backed up.

Daily—Backs up the files that changed that day, but doesn’t mark the files as backed up.

Data Recovery

Posted: January 7, 2010 in Networking, Restore, System Basics, System Information
Tags: ,
0

Data recovery is the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally. Often the data are being salvaged from storage media such as hard disk drives, storage tapes, CDs, DVDs, RAID, and other electronics. Recovery may be required due to physical damage to the storage device or logical damage to the file system that prevents it from being mounted by the host operating system.

The most common “data recovery” issue involves an operating system (OS) failure (typically on a single-disk, single-partition, single-OS system), where the goal is to simply copy all wanted files to another disk. This can be easily accomplished with a Live CD, most of which provide a means to 1) mount the system drive, 2) mount and backup disk or media drives, and 3) move the files from the system to the backup with a file manager or optical disc authoring software. Further, such cases can be mitigated by disk partitioning and consistently moving valuable data files to a different partition from the replaceable OS system files.

The second type involves a disk-level failure such as a compromised file system, disk partition, or a hard disk failure —in each of which the data cannot be easily read. Depending on the case, solutions involve repairing the file system, partition table or MBR, or hard disk recovery techniques ranging from software-based recovery of corrupted data to hardware replacement on a physically damaged disk. These last two typically indicate the permanent failure of the disk, thus “recovery” means sufficient repair for a one-time recovery of files.

A third type involves the process of retrieving files that have been “deleted” from a storage media, since the files are usually not erased in any way but are merely deleted from the directory listings.

Although there is some confusion as to the term, the term “data recovery” may be used to refer to such cases in the context of forensic purposes or spying.

Recovering data after physical damage

A wide variety of failures can cause physical damage to storage media. CD-ROMs can have their metallic substrate or dye layer scratched off; hard disks can suffer any of several mechanical failures, such as head crashes and failed motors; tapes can simply break. Physical damage always causes at least some data loss, and in many cases the logical structures of the file system are damaged as well. This causes logical damage that must be dealt with before any files can be salvaged from the failed media.

Most physical damage cannot be repaired by end users. For example, opening a hard disk in a normal environment can allow airborne dust to settle on the platter and become caught between the platter and the read/write head, causing new head crashes that further damage the platter and thus compromise the recovery process. Furthermore, end users generally do not have the hardware or technical expertise required to make these repairs. Consequently, costly data recovery companies are often employed to salvage important data. These firms often use “Class 100” / ISO-5 cleanroom facilities to protect the media while repairs are being made. (Any data recovery firm without a pass certificate of ISO-5 or better will not be accepted by hard drive manufacturers for warranty purposes

Recovery techniques

Recovering data from physically-damaged hardware can involve multiple techniques. Some damage can be repaired by replacing parts in the hard disk. This alone may make the disk usable, but there may still be logical damage. A specialized disk-imaging procedure is used to recover every readable bit from the surface. Once this image is acquired and saved on a reliable medium, the image can be safely analysed for logical damage and will possibly allow for much of the original file system to be reconstructed.

Hardware repair

Examples of physical recovery procedures are: removing a damaged PCB (printed circuit board) and replacing it with a matching PCB from a healthy drive, performing a live PCB swap (in which the System Area of the HDD is damaged on the target drive which is then instead read from the donor drive, the PCB then disconnected while still under power and transferred to the target drive), read/write head assembly with matching parts from a healthy drive, removing the hard disk platters from the original damaged drive and installing them into a healthy drive, and often a combination of all of these procedures. Some data recovery companies have procedures that are highly technical in nature and are not recommended for an untrained individual. Any of them will almost certainly void the manufacturer’s warranty.

Disk imaging

The extracted raw image can be used to reconstruct usable data after any logical damage has been repaired. Once that is complete, the files may be in usable form although recovery is often incomplete.

Open source tools such as DCFLdd or DOS tools such as HDClone can usually recover data from all but the physically-damaged sectors. Studies have shown that DCFLdd v1.3.4-1 installed on a Linux 2.4 Kernel system produces extra “bad sectors” when executed with certain parameters, resulting in the loss of information that is actually available. These studies state that when installed on a FreeBSD Kernel system, only the bad sectors are lost. DC3dd, a tool that has superseded DCFLdd, and ddrescue resolve this issue by accessing the hardware directly. Another tool that can correctly image damaged media is ILook IXImager.

Typically, Hard Disk Drive data recovery imaging has the following abilities: (1) Communicating with the hard drive by bypassing the BIOS and operating system which are very limited in their abilities to deal with drives that have “bad sectors” or take a long time to read. (2) Reading data from “bad sectors” rather than skipping them (by using various read commands and ECC to recreate damaged data). (3) Handling issues caused by unstable drives, such as resetting/repowering the drive when it stops responding or skipping sectors that take too long to read (read instability can be caused by minute mechanical wear and other issues). and (4) Pre-configuring drives by disabling certain features, such as SMART and G-List re-mapping, to minimize imaging time and the possibility of further drive degradation.

Create Your Own Restore Points

Posted: August 20, 2009 in Restore, Windows XP
Tags:
0


Create Your Own Restore Points

Windows XP makes it easy for you to take a snapshot of critical system files before

you make any major changes, such as installing new software, adding hardware devices, or

changing the registry. (Windows XP automatically creates system restore points, called

system checkpoints, but you can create your own to make it even easier to recover your

system in case of a failure.) Note that using restore points doesn’t affect your

personal files, such as the My Documents or Favorites folders.

· Click Start, point to All Programs, point to Accessories, point to System Tools, and

then click System Restore.

· In the System Restore dialog box, click Create a restore point, and then click

Next.

· Type a description for your restore point, such as “Before Office XP”, then click

Create.

· If your system fails, press F8 in the boot menu, and then click Last known good

configuration. Windows XP restores your system to the most recent restore point.

Fix Master Boot Record in Vista

Posted: August 19, 2009 in Restore, Vista
0

If your hard drive encounters a serious error (perhaps a failed operating system install, corruption or a virus) then you may get an “Error Loading Operating System” message on boot.

This often means that you have a corrupt Master Boot Record (MBR) which can be fixed with the Vista repair tool. This should be one of the first things done to resolve the above error message, as performing a format and reinstall will cause a loss of data.

First, insert the Vista DVD into the computer and restart it (to start the boot process). You will be asked to press any key to boot from the DVD

Then, fill in the language and location options and click Next

Now, click Repair your Computer in Left Hand Corner.

Then, select your Vista partition and click Next

Select Command Prompt from the system recovery options window

Once you are at the command prompt, run the following commands

Bootrec.exe /fixMBR
Bootrec.exe /fixBoot

The first command fixes the Master Boot Record, and the second fixes the Boot Sector (just in case it is also damaged).

You can now close the command prompt, remove the Vista DVD and click Restart. This should reload Windows with a repaired MBR

You may have noticed there was a “startup repair” option in the Vista boot application. This may also be able to fix your startup problems, but this slightly longer method will fix MBR problems.

Steps to Restore Vista

Posted: August 19, 2009 in Restore, System Information, Vista
0

One of the most useful tools in Windows Vista is without a doubt the System Restore tool. This handy little feature can roll back your system to a previous point in time, potentially eliminating any problematic errors caused by a recent change.

System restore points are created automatically (during installation or new updates/applications), however you can create your own should you wish. It should be noted that documents, photos, e-mails and other such items will not be backed up or restored – only major system settings and applications.

To open system restore, run “rstrui” from the run menu (Press WINDOWS KEY + R to access this). You can either restore the most recent backup, or select from an older restore point. Once you have made your selection, click next

You will then be asked to confirm your selection by checking the details and clicking next

Your system will then restart and roll back the system to how it was at the previous restore point. Hopefully fixing the problem that necessitated this action. You are given the option of undoing the system restore option if you so wish