NOTE: You can now do great damage as well as good, so be careful. If you don’t know what you are doing, find out before you procede!Since Knoppix does not write to the local hard drive during installation, it can be used to rescue computer systems that do not have a functioning operating system or hard drive. This can be due to MBR corruption, a failing hard drive, lost partitions, or a broken GRUB configuration. Knoppix can also be used to reset lost Linux or Windows passwords.
Knoppix runs as the user ‘knoppix’, to run commands that require root access you can either su to root from the shell or run the command sudo before the command you intend to run. Knoppix runs with the KDE desktop by default. To start with a different desktop manager, you can use some cheat codes. All cheat codes start with knoppix and are then followed with the cheat code. So to start with the Fluxbox window manager, for instance, you would use the cheat code knoppix desktop=fluxbox. If you are more comfortable working with a GUI, your hard drive will be all nicely laid out, iconified, and even mounted right on the desktop. In order to use Konquer to browse all of your hard drive you will need to run one terminal command. Open a shell, su to root and run the command konqueror /home/knoppix/Desktop. This will give you a file browser with root permissions. From here you can navigate through the file structure of your hard drive. If you prefer the command line, simply su to root, then have at it.
By default, Knoppix mounts the file system on the local hard drive as read only. If you are going to make any changes to your local hard drive you will need to mount the partitions on your local drive as read/write. There are two ways to do this, you can either use the root Konqueror window you opened before, browse to the Desktop, right click the partition you wish to mount read/write, and select . The partition is now mounted but as read only. Now right click the icon again and select . Your local hard drive is now mounted as read/write.
NOTE: You can now do great damage as well as good, so be careful. If you don’t know what you are doing, find out before you procede!
In order to mount a partition as read/write from the command line, first su to root, then remount the partition with:
mount -o dev,rw /mnt/hda1.
Once you have your file systems mounted you can get to work.
GRUB is the most common boot loader for Linux systems. It can be used to select between different operating systems for dual boot systems. GRUB can be messed up if its configuration file is improperly altered or if a Windows install overwrites the MBR.
If the wounds are self-inflicted and you made a mistake editing your GRUB configuration file, you can simply mount the drive with Knoppix and copy your backup back over as the primary. What’s that? You don’t have a backup? Well then you can simply open the grub.conf file in your favorite text editor and have at it.
If the damage comes from GRUB being corrupted, whether from a Windows installation or some other event, GRUB itself can be rebuilt with the grub-install command.
So you suddenly realize your computer is making more noise than you remember. That bargain 300 gig hard drive sounds like a chevy needing a valve job. Knoppix can help here too. Since Knoppix runs from RAM and the CD-ROM drive, it has a couple benefits with damaged or dying hard drives. First of all, with Knoppix the operating system itself can not be damaged. Secondly, while performing operations to recover data from the drive, Knoppix will not be taxing the drive further.
When your hard drive is failing you can decide whether to try and backup as much data as possible or to try and mirror the drive. Mirroring the drive can be done by installing another drive in the computer and using the dd command to mirror the drive. Often if a drive is corrupted badly enough to prevent booting, dd may not run properly. dd is intended to work on stable media. If the hard drive has many bad blocks of data, then dd may fail. Knoppix also ships with dd_rescue. This rewrite of dd attempts to deal with bad blocks by utilizing the principle of locality. If dd_rescue hits a bad block it will skip ahead and start reading backwards, attemting to isolate bad blocks.
If disk imaging is not practical, Knoppix also comes with K3b and cdrecord CD burning tools. Or if you have the space and bandwidth Knoppix can be used to transfer files over the network with ftp.
There are a number of different methods to reset the root password on the local hard drive, but the only method I could get to work was to su to root then mount the partition holding your /etc directory as read/write (on my Fedora Core 2 computer its /mnt/hda5). Then you can use vi to edit the /etc/passwd file. The first line should look like this:
root:x:0:0:root:/root:/bin/bash
Simply delete the x then save the file and reboot your Linux system. Once Linux is up and running, just su to root. There is currently no root password so you need to reset it with passwd. Just like that your forgotten password is replaced
Knoppix provides an array of tools for rescuing or repairing your Linux installation. Beyond this, Knoppix can be used to install Linux to a hard drive, partition a hard drive, recover deleted data and more. Since Knoppix itself is Linux, this is not especially amazing. What is surprising is Knoppix's ability to repair or rescue Microsoft Windows systems.
NOTE: If at all possible defragment your windows hard drive before using Knoppix to write to your hard drive. Due to common file system fragmentation, data loss or corruption can occur.
While it probably comes as no surprise that Knoppix can be used to repair Linux, Knoppix works quite well with fixing Windows as well. From virus recovery to hard drive failure even resetting NT passwords, Knoppix can provide the tools needed to rescue your Windows system.
For the most part, mounting your Windows partitions follows the same procedures as used to mount a Linux partition. The primary difference is if you are mounting an NTFS partition as read/write. The NTFS File System is a proprietary Microsoft file system and is used in NT and Windows 2000 as well as many Windows XP systems. The specifications about how the file system works have not been released so while the Linux kernel does feature utilities to read NTFS file systems, it does not support NTFS write natively. Rescuing data to a slaved hard drive or network location can still be accomplished with dd but password recovery or downloading to the drive will require writing to the Windows hard drive.
Knoppix comes with a utility called Captive-NTFS. Captive-NTFS uses Wine to load the native Windows NTFS drivers. Wine (Wine is not an emulator) is a Windows compatibility layer which allows programs compiled for Windows to run on Linux. To start Captive-NTFS click the menu then choose and . Captive-NTFS will then scan your hard drive for the required Windows Drivers. Once Captive-NTFS locates the required files, it runs them and mounts the drive in read/write mode. In the event Captive-NTFS cannot locate the required files, it will attempt to download them from Microsoft. You will need a connection to the Internet for this. While the files needed are freely available from Microsoft you are required to have a valid Windows XP license to download them. You may be prompted to confirm your license. Once the Drivers are loaded the hard drive will be mounted in read/write mode.
If you missed this above, it bears repeating.
NOTE: You can now do great damage as well as good, so be careful. If you don’t know what you are doing, find out before you procede!
If a virus has rendered a Windows system unable to boot or even if the computer just has a nasty virus that is difficult to remove. Knoppix can help repair the damage. An un-patched Windows system will likely be infected with viruses within minutes of connecting to the Internet. Knoppix can be used to download the updates so they can be installed offline.
Knoppix does not come with anti-virus software. It does come with the ability to install software over the Internet while running from the CD-ROM. The Knoppix-Live Installer can be used to download and install an assortment of software, among them a virus scanner called F-Prot. From the KNOPPIX menu, select and . A warning screen will pop up explaining the Knoppix-Live Installer and crediting the author. From here you will be presented with a small assortment of software which can be installed. Select the option and click the OK button. Once the installer completes, there will be a new icon on the Desktop. Open the menu and select the entry. You will be presented with another menu. In most cases, the first thing you would want to do is update the antivirus definitions. To do this select . Once the online update completes, the virus scan can be run by choosing a partition or file to scan then running the antivirus scan. Once the scan is complete, suspicious files can be deleted or quarrantined. If necessary a specialized removal tool can be downloaded from the Internet. Having Knoppix running rather than the infected Windows operating system will prevent the virus from spreading further or causing additional damage. For the truly adventurous, an advanced Windows user can edit the registry to remove traces of viruses or spyware.
The ability to access the internet and write to an Windows hard drive makes Knoppix a great tool for downloading Windows Security Updates while insulating the Windows operating system from attack while it is unpatched. All you have to do is visit the Microsoft Technet Web site, search for and download any needed updates. I was actually even able to download the new Microsoft Antispyware program.
Knoppix has even more capabilities for repairing Windows. Knoppix can be used to reset a Windows user password or resize disk partitions. Knoppix can backup and recover data on both Windows and Linux systems. It does have its limitations though.
