Technical Analysis: Recovering Data from Windows systems by using Linux

by jcannon on November 20, 2007 02:19pm

Abstract:
We have all run into cases where Windows fails to load for one reason or another. The cause may be a hardware or a software failure, and the problem may seem irrecoverable. Yet Linux can often be used to recover data that might otherwise be lost. Linux recovery can also be used to create disk images for post-mortem analysis of security breaches. While such images are not created according to forensics standards (which usually require special hardware) and would not be likely to help in legal cases, they are helpful in internal reviews following such incidents.

Note: This paper represents testing and documentation in a lab environment. User Account Control (UAC) is an essential security component of Windows, and Microsoft does not recommend turning off UAC in production environments.

Attachment: LinuxRecovery.pdf