Ask Leo!

Sometimes, it's not what you think


I share some frustrations in my steps to recover data from a friend's hard disk.


Transcript

This is Leo Notenboom with news, commentary and answers to some of the many questions I get at askleo.info.

This week I want to share some of my experiences, frustrations and the final solution as I attempted to recover data from a friend's hard disk.

A non-technical friend got a new computer, and I inherited the old. Naturally, it had important information on it that this friend didn't want to lose. Also as naturally, it was most likely heavily infected with viruses and spyware.

So the challenge was how to copy the hard disk contents off without actually booting the operating system and activating any malware while the machine sat on the supposedly "safe" side of my firewall.

My first thought was to boot the machine using the Knoppix live CD. Booting into Linux would absolutely prevent any malware from firing up, and once booted, there are several options for copying the entire hard disk to another location on my network.

So I changed the boot order in the BIOS, and booted from the latest Knoppix CD. It booted fine, I could examine the system's hard disk, and everything looked good. Except for the network. After a couple of reboots, the network wouldn't initialize - it would fail to get an IP address.

My next thought was to boot from a bootable Windows CD I'd created using BartPE. While I'd have to be a little more careful not to activate malware by mistake, it "should" be safe. Once again the machine booted fine, I could examine the hard disk and so on - except now the network wouldn't work at all.

It looked like a hardware failure.

I plugged into a different hub on my network. (Which also involved a few minutes building a new network cable, since I didn't happen to have any that were long enough to reach the other device.) No luck.

I added a different network card to the machine. Still no luck.

So at this point, what would you do?

Out of desperation, I warned my wife that our network was going down for a few minutes, and rebooted my router.

And then, as they say, all was well. The backup DVD is burning as I prepare this podcast.

My biggest take-away here is that networking is still hard. It's tough enough to get it to work in the first place, but random things like a router clogging up don't make things any easier.

Oh, and that BartPE and Knoppix (which I'm sure would have worked once the network issue had cleared up) are wonderful tools for geeks like me.

I'd love to hear what you think. Visit ask leo dot info, and enter 10992 in the go to article number box. Leave me a comment, I love hearing from you.

This is a presentation of askleo.info, a free on-line technical question and answer service. Hundreds of questions and answers are online and ready to help solve your computer problems.

That's askleo.info.


Article 10992 | Posted December 10, 2006


>So the challenge was how to copy the hard disk
>contents off without actually booting the
>operating system and activating any malware
>while the machine sat on the supposedly "safe"
>side of my firewall.

Even if it was on the safe side of your hardware firewall, don't all your computers still have software firewalls (at least the Windows XP default firewall) on their own individual connections? Would an infected computer on the network still be a risk to the others if all the other computers do have their software firewalls enabled? I've always assumed it wouldn't, but your post seems to imply otherwise...

Posted by: Simon at December 10, 2006 7:55 PM

Because I keep the "safe side" of my network safe, I do not run software firewalls on any of my machines. Yes, an infected machine on the "safe side" could certainly infect other machines on my network. That's why when I bring a potentially suspect machine to the 'safe side' I need to take extra precautions, as I described.

Posted by: Leo Notenboom at December 10, 2006 8:20 PM

So, what was the actual issue? Did your router not want to add the network card to its routing table? Had me an SMC router once, had to reboot that POS every other day - avoid like the plague.

Posted by: Ivan at December 13, 2006 7:31 AM

OK, all that makes sense; however, I think you are doing this all the wrong way and making this way too complicated. If you copy the contents of the hard drive it may copy the viruses, trojans, worms, etc. So why not boot it up and clean the hard drive using various antivirus/antispyware tools; once that's done, organize with your friend what exactly he wants on it, so this can be much easier than copying the entire drive with system files. Doing that you can safely and easily copy its content via CD burning or onto another drive without any problems, and you can clear it after that!

Posted by: Dominique at December 13, 2006 10:16 AM

If the system is badly compromised (and I had no assurance that it wasn't) a virus scan may not clean things out completely - the virus scanner itself might be infected. In addition, the machine wasn't running well so I'm not certain I actually COULD have booted and run a Virus scan.

And finally, I wanted an *exact* image of what my friend had left - I wanted to avoid any changes prior to saving the image, and that included any changes due to a virus scan.

Posted by: Leo at December 13, 2006 10:22 AM

Eyy Leo, thx for the MySpace updates, especially the one where you put a picture as a caption. I really wondered how to do that and now I know.
Thx a LOT!!!

Posted by: Rhoda at January 29, 2007 5:20 PM
