How to reanimate Windows and save data with a live Linux distribution

2024 Author: Malcolm Clapton | [email protected]. Last modified: 2023-12-17 03:44

With Linux, you can save important data, cleanse your system of viruses, or crack a password, read all files, melt the processor, and wipe your hard drive.

There is something wrong with your Windows. Perhaps you forgot your password, picked up a virus, your hard drive is pouring errors, or the system simply refuses to boot. The easiest way is to reinstall Windows. But what if there is important information on the disk that you don't want to lose?

Give Linux a try before reinstalling your system. Having a bootable disk with a live image of the Linux distribution, you can try to recover a forgotten Windows password, recover lost data, scan your computer for viruses, or at least copy those files that can still be saved.

This information can be used both for good and for evil. Be careful not to harm yourself or others.

Preparing Linux

First of all, you need to download the ISO image of the desired Linux distribution that supports live boot. Live mode is a mode where the system boots from external media. Almost any distribution will do. Take Ubuntu as an example.

Download the ISO image suitable for your computer. After downloading the image, you need to burn it to a USB flash drive using Rufus or to an optical disk using a standard Windows recording tool. If you are burning a disc on Linux, you can do it with the dd command.

When the disc is written, insert it into the failed computer, select in the BIOS to boot from external media. When Linux prompts you for installation options, select Run Without Install.

Mounting Windows partitions

As a rule, Linux mounts all partitions of the hard disk at once. To do this, you need to open the appropriate section in the file manager.

However, in some cases Linux cannot mount partitions. This happens most often on Windows partitions with hibernation enabled, and in Windows 10, hybrid hibernation is used every time it is turned on. There are several ways to fix this.

1. You can disable hibernation in Windows settings. Your computer will boot up slower, but problems with mounting partitions will disappear.

2. You can mount a Windows partition directly from Linux. To do this, in the terminal, type the command

sudo fdisk -l

… This will show you a list of drives on your computer.

Remember the name of the desired Windows partition, which looks like / dev / sd *, and enter

sudo mount -t ntfs-3g -o remove_hiberfile / dev / sd * / mnt

3. You can restart Windows and then immediately boot into Linux. The point is that Windows 10 Hybrid Hibernation is not used on reboot.

Password recovery

To reset your password in Windows, do the following:

1. Log in to the terminal and add the repository:

sudo add-apt-repository universe

2. Update the package list:

sudo apt-get update

3. Give the command to install chntpw:

sudo apt-get install chntpw

4. Open the file manager and find the disk partition where Windows is located. Find the Windows / System32 / config folder and the SAM file there.

5. Copy the address to this file. It should look something like this:

/ media / 689G10259A0FF9B1 / Windows / System32 / config

6. Enter the command

cd / media / 689G10259A0FF9B1 / Windows / System32 / config

7. Then run the chntpw utility to find Windows users:

sudo chntpw -l SAM

8. The console will display a list of Windows users. Select the username you want to reset the password and enter

sudo chntpw –u SAM username

9. The console will suggest options for action. Enter the number of the desired action:

1 - reset password;

2 - set a new password;

3 - make the user an administrator;

4 - unblock the user (if the dis / lock value was in the user's table, the user must first be unblocked).

10. After selecting the desired action, the console will ask for confirmation. Press the "y" key.

Equipment check

RAM

If Windows cannot start due to some kind of hardware failure, it is worth checking the hardware for serviceability. You can find out exactly what is wrong and replace that component.

To check your RAM, use the Memtest86 + utility, which is available in almost every Linux distribution. When Linux boots up, it will prompt you to check your RAM. Choose this option.

Testing the RAM can take a long time. If there is any memory problem, Memtest86 + will report back. If the problems are related to the RAM, it should be replaced.

CPU

If you suspect a lack of processor power or insufficient cooling is the cause of frequent crashes, you can run cpuburn. This console utility puts extreme stress on your processor, forcing it to work and generate more heat. You can install cpuburn with the following command:

apt-get install cpuburn

Then just run it from the console:

cpuburn

If there is something wrong with the cooling system or the power supply, the computer will shut down after 10-20 minutes from overheating. This means it's time to change the thermal paste.

Be careful with cpuburn and don't run it unnecessarily on healthy computers.

HDD

The hard drive can be checked using the standard "Disks" application, which is included in Ubuntu. Its interface is very simple and straightforward.

If you are using a different live image, enter the following command in a terminal:

sudo fdisk -l

Look at the name of the device you want. Then enter the command

sudo badblocks -v / dev / sd *

The hard disk check takes quite a long time. If unreadable blocks appear on the disk, it must be replaced immediately. There are programs that mark these blocks so that nothing is written to them. But this is only a half measure.

Saving data

By running a Linux live image, you can easily copy important data from a damaged computer.

If you need to save some files to a USB flash drive, external hard drive or network storage, this can be done using any Linux file manager.

Once connected to the Internet, you can upload important files to any cloud by simply opening a browser. Or select the "Network" item in the file manager and copy the data to shared folders on your local network.

If you want to copy the entire disk in its entirety, use the terminal:

• Enter the command

  sudo fdisk –l

• Remember the names of the section you want to clone and the section that will contain the copy.

• Then type

  sudo dd if = / dev / sda of = / dev / sdc

• Wait until the console notifies you that the copy is complete.

A copy of the contents of / dev / sda will be moved to / dev / sdc. This way you can clone entire disks. You can transfer data from one partition to another or to an external hard drive. The copy will be so identical that you can restore files on the cloned disk that were previously deleted on the original.

Recovering deleted files

When you delete a file, only its description in the system is erased. The data itself remains in place until something else is written over it. This means that if you deleted some important files or formatted the disk unintentionally, you can try to recover the lost data.

Linux has several utilities for recovering deleted files. These are Safecopy, TestDisk and PhotoRec. They all work in the console. To find out how to use them, check out the tutorial.

Check Windows for viruses

Windows can fall prey to viruses and stop starting. But you can find them using Linux. Do not be afraid that the virus will harm your computer: in a live Linux image, it simply will not be able to start.

To scan Windows for viruses, you can use the free ClamAV antivirus. You can install it with the command

apt-get install clamav

Cleaning up your hard drive

So, you have copied all the data from the hard drive, made all the necessary backups and now you want to take your computer for repair. As you already know, it is quite easy to recover deleted data even on a computer with a broken system. If you have confidential information stored on your hard drive, you can clear it before repairing.

Make sure there is nothing of value left on the disc.

On Linux, the shred command permanently erases files. To make a specific file unrecoverable, type

shred

This will not delete the file, but it will make it completely unreadable and useless.

To permanently delete and erase the file, enter

shred –remove –iterations =

The number of overwrites affects how many times a file is overwritten with a random set of bytes. By default, the file is overwritten 25 times. As a rule, this is enough for even advanced utilities to fail to recover data.

To wipe an entire disk in this manner, use the wipe command. First, install the appropriate utility:

sudo apt-get install wipe

Then find out the name of the desired partition or disk:

sudo fdisk –l

Then enter the command to destroy and the name of the drive:

sudo wipe / dev / sda1

Use these commands with caution. When the contents of the disk are erased, it will not be possible to restore it.

With live Linux distributions, it is quite easy to access Windows files. Even if you're not going to switch to Linux, it never hurts to have a bootable disk handy.

Also, think about the confidentiality of your data. Even if your system is password protected, you can reset it or copy files to another drive without even logging into an account. Therefore, if you have really valuable data on your computer, use encryption utilities.