More and more personal data is being deposited on hard disks and SSDs, in part due to the increasing capacity of low-cost, mass storage devices. The risk of data loss from servers, workplace computers, and notebooks increases along with the generation of ever larger amounts of information.

Loss can occur, for example, because of operation errors or hardware damage. Additionally, mandatory routine backups are not yet widespread enough in spite of the changing conditions in data management.

Once data has been lost, access is also lost to important text files, images, databases, and spreadsheets. At the point of loss, the only hope is to find a tool with the capability for reconstructing the maximum amount of data. SystemRescueCD is just such a tool, and it can provide invaluable assistance for Linux systems.

Let's Get Started

The SystemRescueCD comes as an ISO image that is about 445MB in size. It is intended for 32-bit and 64-bit architectures [1], which means that it can be used even on very old computers. Because it is started and used from a CD, the computer does not need the ability to boot from a USB drive.

Variety

The program starts with a greeting from the GRUB bootloader that offers an unusually large number of options. The Gentoo-based system can be booted with a variety of kernels for different hardware architectures.

There are multiple alternative boot options available if problems arise with the graphics card for the computer. One of these alternatives is to boot with a standard VESA graphics driver found on older systems. For computer systems still using a 4:3-sized monitor, you can view the graphical interface on the display screen with the help of SVGA or XGA resolution.

Several other tools can be loaded from a floppy disk image. This option is particularly useful when the cause of the data loss has already been contained. Once containment has occurred, it is not necessary to have an entire operating system at hand with all of its tools. The floppy disk image option is also useful for employing Memtest, Aida, and HDT programs to test hardware and monitor the systems without long start times. (Figure 1)

Figure 1: The GRUB bootloader is overflowing with start options.

The following two options make the entire stock of data recovery software available for use in most applications. The directly start the graphical environment option invokes the X server and then the Xfce desktop. The default boot options option leads to the root console once the keyboard has been set up. A number of editors can be used directly from the console.

Once you have manually set up Internet access, it is also possible to use the text based web browser ELinks. To start the graphical interface from the console, enter the command startx . After a surprisingly short amount of time, an Xfce 4.12 interface appears with an open terminal window. Apparently, this was intentionally kept simple and therefore may look a little bit antiquated (Figure 2).

Figure 2: Xfce is configured without doodads.

Internet Access

It is possible to easily configure and activate Internet access on the graphical Xfce desktop via the Settings | Network Connections menu or with a click on the Network symbol that sits to the lower right on the panel bar. This process works for any number of access technologies.

However, it is not possible to use the console for setting up encrypted WiFi Internet access or WWAN. For this, you would preferably have a cable connection or WiFi with antiquated WEP security, both of which are set up with the help of the net-setup <interface> command. To specify the interface, you can enter eth0 for the first LAN interface or wifi0 for the WiFi access.

If you have two built-in LAN cards in your computer system and want to use the second interface for Internet access, then you can address this interface with the designation eth1 . Once this is accomplished, just a few more steps are involved in gaining access to the Internet.

Software

The developers for SystemRescueCD have written the software to comply with the most stringent of requirements for a data recovery system. In light of its purpose, the operating system has been packaged as a live system. Therefore, it cannot be installed in a fixed place on mass storage from the boot manager or the graphical interface.

If you want to manually install SystemRescueCD on mass storage, then you have the option of setting up the system on a partition with a filesystem supported by Linux. Alternatively, SystemRescueCD can be installed on a Windows system [2].

The Xfce desktop has groups such as Multimedia and Office in its applications menu; however, these do not contain any software packages for routine use. For example, you will find only the ePDFViewer in the Office submenu. Multimedia has only ISO Master and Xfburn that comes from the Xfce module collection.

The applications found under the Internet submenu are all thin and efficient and intended for specific uses. Midori sits here; it is a slim and very fast web browser that can also be started in private mode. Docked here as well is the VNC Viewer for controlling remote computers as well as GTKTerm for access to terminals. The software offering in the Accessories sub-menu is significantly larger. Worth mentioning here are the file managers Thunar and SpaceFM.

The latter distinguishes itself by having its own entry feature for starting a file search. This makes the process of looking for files much faster and simpler, particular when large amounts of data are involved. Rounding out the offering is a simple task manager that graphically displays a list of currently executing processes, storage usage, and CPU load (see Figure 3).

Figure 3: The task manager provides information about the system load and currently executing processes.

In the panel bar of the screen, several frequently used applications sit to the left. As with most desktops, these are integrated into the fast start icon. The unique file manager EmelFM2 can be found here. It is considered a graphically well-designed competitor to Midnight Commander.

Midnight Commander, in turn, is a copy of Norton Commander, beloved in the DOS world, in that it uses an Ncurses interface for an antiquated look.

On the other hand, EmelFM2 has a GTK-based interface. Therefore, it is visually much more modern in spite of the dual window concept adopted from Norton Commander. It also has an extensive array of functions. These include among others, the capability for mounting filesystems, compressing and decompressing archives, and detailed configurability.

EmelFM2 can also be controlled efficiently with function buttons and numerous context menus that are accessed with the right mouse button. Additionally, the developers have integrated the tried and true Midnight Commander into their system. This is found in the System menu (Figure 4).

Figure 4: Eme1FM2 follows in the footsteps of Midnight Commander.

Test Programs

Because of its numerous testing and monitoring programs, Linux makes it possible for the user to track down hardware problems. As a result, SystemRescueCD has a practical mix of tools with graphical interface and others that run on a terminal.

You will find a hardware lister, which graphically displays the hardware components of the target system in the submenu System . In the same place, you will also find the Htop tool, which displays resource consumption for each currently executing process. This can be especially useful when you need to determine exact revision numbers for particular hardware components used in the computer, for example, to do a firmware update.

The graphical interface uses information from the lshw command, which frequently reveals even more detailed information. Iotop is an additional tool that is likewise already preinstalled in SystemRescueCD.

This tool alerts the user to occasional spikes in the system load and also high latency times due to issues associated with individual hardware components. Because these issues might cause system-wide impairment due to a flood of IRQ requests, this program is a favorite among server administrators.

Data Recovery and Security

One special focus of SystemRecsueCD is data recovery. Many tools have been integrated into this Gentoo derivative for the care and maintenance of mass storage. Of particular note are entries for Show Filesystems , GParted , Partimage , and Testdisk , which are found in the System submenu.

The Show Filesystems application opens a terminal and invokes the command line program fsarchiver. Behind the Partimage entry, you will find the current 0.6.9 version of the Ncurses program partition image, which you can use to set up an image of hard drive partitions in just a few steps.

You are not restricted to data partitions, because you can also create complete system partitions. The latter make a snap shot available in case a mass storage device fails. Installing and configuring operating systems and application programs can be time-consuming. If you have a snapshot of the operating system, these tasks fall away (Figure 5).

Figure 5: Old-fashioned but still useful: a partition image.

The graphical program GParted lets you edit partition tables for mass storage devices. This program understands a multitude of different filesystems and is therefore useful in heterogenous environments.

TestDisk is a terminal program that is a high-performance tool for reconstructing mass storage partitions when these have become unreadable. The software can also reinstate the boot capability for mass storage if the boot sector has been destroyed by malware or by accidental error.

Grsync, a graphical program, is listed in the same submenu. It is helpful for synchronizing directories and files. To perform its tasks, Grsync relies on the command-line tool rsync and uses the most important of its parameters to secure data stores. This software can handle both locally stored data and data stored online (Figure 6).

Figure 6: Grsync can synchronize your data with just a few mouse clicks.

Rsnapshot is a similar program. Based on Rsync and accessible via the terminal, it can prepare image snapshots of entire partitions in much the same way that Partition Image can. Rsnapshot is also suitable for use with external USB hard drives when they serve as the backup medium.

A special feature of this software is that it only saves unmodified data once to a single target medium when several snapshots of the data are taken. This saves storage by means of the hardlinks that are set for data that has already been saved when more recent snapshots are made.

The disadvantage to this method is that more recent snapshots are no longer readable if only a small amount of data has been modified or if the original snapshot has been damaged and can no longer be reconstructed. This can be a special problem when only a few of the original files have been modified.

Tob – which stands for tape-oriented backup – functions purely as a backup program. It can deposit backups on tapes and traditional filesystems. This terminal program offers numerous options, which can be displayed via tob --help .

PhotoRec works together with TestDisk on data reconstruction. It is not found on the desktop menu but is invoked from the terminal. PhotoRec comes into play when the user is dealing with data that becomes inaccessible due to error or hardware defect. In spite of what its name might suggest, PhotoRec is definitely not limited in its application to digital image files. This application can also reconstruct numerous other file formats.

Benchmarks

Several benchmark programs running under Linux can make performance comparisons between individual hardware components or between entire computer systems. SystemRescueCD contains the best known of these: Bonnie++ and Stress. Both programs are started in the terminal; therefore, they won't be found in the menus for Xfce.

Bonnie++ measures the writing and reading performance of mass storage areas. It can then deliver information regarding hardware defects when it finds poor performance.

The benchmark program Stress imposes a large load on various hardware components such as the processor, working memory and I/O processes. Both programs are controlled using a large number of available parameters. With the help of the command stress --help , you can obtain an overview.

Forensics

SystemRescueCD also has programs that are frequently put to use in forensics. Chkrootkit is one of these; it checks a computer for malware that gains access through a backdoor.

The software CmosPwd reveals BIOS passwords. Faulty settings in the BIOS of a computer system can often be the cause of weak performance. However, BIOS passwords prevent access to the corresponding settings. Because these are deposited in many computers, especially notebooks, in EEPROM components, unrestricted access is not possible. The more experienced user will appreciate the help that CmosPwd can provide in reading the passwords from the EEPROM component and modifying them.

Magic Rescue is another useful tool for reconstructing file content. This software does not rely on the assignment tables for the filesystem but rather on so called magic numbers that are found in the header of each file. These numbers designate the file type. As a result, Magic Rescue is a good solution for those situations in which the file assignment tables for the system are damaged or destroyed.

Foremost also devotes itself to the reconstruction of damaged and deleted data. SystemRescueCD offers this command-line program to augment the capabilities of Magic Rescue. Foremost can derive helpful information from standardized file headers and also footers.

Network

Naturally, you can also undertake an extensive analysis of your network access with SystemRescueCD. This distribution includes the standard tools such as Nmap, Traceroute, Netcat, and Netselect. All of these are used in the terminal.

Graphics packages like Zenmap and Wireshark are lacking. Therefore, it is a good idea to rely on specialty distributions like Wifislax or Kali Linux for network-specific issues.

Conclusion

The new version 4.6.0 of SystemRescueCD makes an all around excellent impression with system administrators. The operating system is fast and stable. It has no unnecessary baggage that might slow it down. It can also be run on older machines or those with partially incompatible graphics hardware because the Xfce desktop is resource conservative. It emphasizes command-line tools, and it can be used without an X server.

With its integration of tools from other operating systems, such as DOS applications, which may be booted separately, SystemRescueCD is also suitable for rescuing data in heterogeneous environments. This system belongs in the toolbox of every administrator.