How-To use the Linux Live-CD: Difference between revisions
No edit summary |
No edit summary |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 2: | Line 2: | ||
Recently we have acquired a new LIVE-CD which will allow us to read and write windows partitions, meaning we can do whatever we want. | Recently we have acquired a new LIVE-CD which will allow us to read and write windows partitions, meaning we can do whatever we want. | ||
This cd was designed to fix windows issues so it should be helpful | |||
The easiest way to do this is through the [[Command Line]] otherwise known as the terminal | The easiest way to do this is through the [[Command Line]] otherwise known as the terminal | ||
Place the cd into the computer and plug in the RSA HD | Place the cd into the computer and plug in the RSA HD | ||
| Line 10: | Line 11: | ||
Boot from the cd and pick one of the options on the screen (gui is reccomended, if they have more than a gig of ram do copy to ram so, faster and frees up the cd drive) | Boot from the cd and pick one of the options on the screen (gui is reccomended, if they have more than a gig of ram do copy to ram so, faster and frees up the cd drive) | ||
( | click on the box in the lower left corner to the right of the file cabinet | ||
in this use this command (cd /media) | |||
once there hit ls and you should see a list of files, hda1, hda2, sda1 so on and so fourth | |||
use this command on each (after you get a feel for this you can only mount the ones you need but for now, mount them all) (mount /dev/(hda sda so on so forth) /media/(hda sda so on and so forth)) | |||
(as a rule of thumb, if there is no recovery partition hda1 is all you need. The RSA drive will probably be sda1) | |||
after you have done this you can look for the users files in the mount points you just made. | |||
OR click the file cabinet and use the gui | |||
Now there are more cool things on this cd besides ways to get files | |||
here is the site, ill add more info as I learn more information | |||
http://www.e-fense.com/helix/contents.php | |||
note the rookkit revealer and other cool things | |||
If you want to have even MORE fun. Put the disk into a running windows machine. There are a bunch of cool tools on there. Most are overkill, but check out winaudit, the file recovery program, and the rootkit revealer. | |||
== Back to [[RSA Techs]] main page == | |||
--[[User:Bachmann|Bachmann]] 14:04, 30 January 2007 (EST) | --[[User:Bachmann|Bachmann]] 14:04, 30 January 2007 (EST) | ||
Latest revision as of 18:36, 27 February 2007
So what do you do when you need to get to a users data and you cannot get their system to boot and BARTS wont work, (or if you LOVE linux)
Recently we have acquired a new LIVE-CD which will allow us to read and write windows partitions, meaning we can do whatever we want.
This cd was designed to fix windows issues so it should be helpful
The easiest way to do this is through the Command Line otherwise known as the terminal
Place the cd into the computer and plug in the RSA HD
Boot from the cd and pick one of the options on the screen (gui is reccomended, if they have more than a gig of ram do copy to ram so, faster and frees up the cd drive)
click on the box in the lower left corner to the right of the file cabinet
in this use this command (cd /media)
once there hit ls and you should see a list of files, hda1, hda2, sda1 so on and so fourth
use this command on each (after you get a feel for this you can only mount the ones you need but for now, mount them all) (mount /dev/(hda sda so on so forth) /media/(hda sda so on and so forth))
(as a rule of thumb, if there is no recovery partition hda1 is all you need. The RSA drive will probably be sda1)
after you have done this you can look for the users files in the mount points you just made.
OR click the file cabinet and use the gui
Now there are more cool things on this cd besides ways to get files
here is the site, ill add more info as I learn more information
http://www.e-fense.com/helix/contents.php
note the rookkit revealer and other cool things
If you want to have even MORE fun. Put the disk into a running windows machine. There are a bunch of cool tools on there. Most are overkill, but check out winaudit, the file recovery program, and the rootkit revealer.
Back to RSA Techs main page
--Bachmann 14:04, 30 January 2007 (EST)
