GNOPPIX

Gnoppix is a Linux distribution that is designed to be a complete, self-contained operating system that runs from a CD. In other words, you need not worry about re-partitioning a hard drive or verifying sufficient disk space is present for a virtual disk. Gnoppix boots from a CD and creates a virtual disk drive based on memory. It is available from http://www.gnoppix.com/.

Since Gnoppix is a CD-based operating system environment, you can only create files that exist temporarily in memory. Thus, it's not a good choice for word processing or games. There are other uses for which Gnoppix is better suited. That isn't to say that running OpenOffice isn't viable. It merely means that you'll need a storage device for documents you wish to create or edit. Such a device might be a hard drive, an NFS share, a Samba share, a USB token, or something similar. You could even save the files to Gnoppix's RAM-based disk, but be sure to move them somewhere else before you shut down the system.

Gnoppix, or any other CD-based operating system, is a great way to experiment with Linux without reformatting a hard drive, dealing with multiple boot managers, or worrying about hardware support. If you've ever thought about giving Linux a try but didn't want to dedicate a laptop or desktop to it, or you don't feel confident in partitioning a hard drive, then check out Gnoppix.

Configuration

The Gnoppix developers and user community have put great effort into creating a kernel that supports the widest possible range of hardware. It uses a 2.6 series kernel and the latest GNOME applications. Ideally, Gnoppix's only limitation is that it must be run on an Intel (or compatible) processor. During the initial boot sequence you will be prompted for language, keyboard, and video information. It is possible to access and tweak other options if you boot with the expert mode. Most of the time, those options are only necessary for troublesome hardware.

Tip 

Gnoppix requires at least 128MB of RAM.

Implementation

Gnoppix boots into an X Window environment (based on Xorg) with a nonroot user account named ubuntu. Note that by design Gnoppix is not intended to be a permanent, multi-user system. You can execute root-privilege programs with the sudo command. The initial welcome screen looks something like Figure 3-8.


Figure 3-8: Gnoppix welcome screen

Press CTRL-ALT-F1 (or any of F1 through F6) to obtain a text prompt if you'd rather avoid the GUI. Pressing CTRL-ALT-F7 brings you back to the GNOME Desktop.

Perhaps one of the most useful things Gnoppix can do for you is retrieve data from a corrupted disk or an operating system that refuses to boot. The prerequisites for Gnoppix to successfully boot do not include a working disk drive. It also has menu options that enable the user to mount the disk drive and access its partitions. Since Gnoppix uses the Linux kernel, it supports most file systems, including NTFS read access.

File system permissions are enforced by the operating system. Take the case of files on an NTFS volume that are readable only by the Administrator account. Windows 2003 ensures that only users with administrator privileges may access those files. However, if the disk drive can be mounted by a different operating system, such as Gnoppix, then the file permissions are not enforced. Properly implemented encryption is the only countermeasure for mitigating unauthorized physical access to a drive.

Open the Applications menu and select System Tools, then Root Terminal. You could do the same thing with the ubuntu user (default account) using the sudo command. Next, make a directory in which to mount your Windows file system. Now, mount the partition.

Tip 

Most Windows partitions will appear on the /dev/hda1 device. Multiple disks, operating systems, or partition schemes will affect this value.

 root@ubuntu:~# mkdir /mnt/win32
 root@ubuntu:~# mount /dev/hda1 /mnt/win32
 root@ubuntu:~# cd /mnt/win32
 root@ubuntu:~# ls
 AUTOEXEC.BAT                BACKUP                     boot.ini
 BOOTSECT.DOS                Config.Msi                 CONFIG.SYS
 Documents and Settings      DOS                        IO.SYS
 MSDOS.SYS                   NTDETECT.COM               ntldr
 pagefile.sys                Program Files              Recycled
 RECYCLER                    System Volume Information
 WINNT                       WUTemp

At this point you have full access to the Windows file system, regardless of the NTFS permissions associated with the files and directories. Consequently, you can retrieve files from the disk if it refuses to boot or has otherwise been corrupted. Note that Linux's file system support will attempt to suppress errors and corrupted files. If the disk is too damaged, then you may have to mount it as a raw device, something that we'll cover more in depth in the forensics chapters.
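The tip about /dev/hda1 can be checked rather than assumed by reading the disk's partition table before mounting anything. The following is an added example, not code from the book: it parses a 512-byte MBR sector in Python and reports which primary partitions carry a Windows file system type. The sample sector, the function names, and the /dev/hda device naming are constructed for illustration.

```python
import struct

# Common MBR partition type IDs (a small, well-known subset).
PART_TYPES = {0x05: "Extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)",
              0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}
WINDOWS_TYPES = {0x07, 0x0B, 0x0C}

def parse_mbr(sector, disk="/dev/hda"):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 has no 0x55AA boot signature")
    parts = []
    for i in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        # boot flag, CHS start (skipped), type, CHS end (skipped), LBA, count
        boot, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:                      # type 0 marks an unused slot
            continue
        parts.append({"device": "%s%d" % (disk, i + 1), "bootable": boot == 0x80,
                      "type": ptype, "name": PART_TYPES.get(ptype, "unknown"),
                      "start_lba": start, "size_mib": count * 512 // 2**20})
    return parts

def windows_candidates(parts):
    """Devices whose type ID suggests a Windows file system worth mounting."""
    return [p["device"] for p in parts if p["type"] in WINDOWS_TYPES]

def build_sample_mbr():
    """Constructed sample: Linux on entry 1, bootable NTFS on entry 2."""
    mbr = bytearray(512)
    mbr[446:462] = struct.pack("<B3xB3xII", 0x00, 0x83, 63, 208782)
    mbr[462:478] = struct.pack("<B3xB3xII", 0x80, 0x07, 208845, 40000000)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    # On a live system, read the real sector as root instead:
    #   sector = open("/dev/hda", "rb").read(512)
    sector = build_sample_mbr()
    for p in parse_mbr(sector):
        print(p["device"], p["name"], "%d MiB" % p["size_mib"],
              "(bootable)" if p["bootable"] else "")
    print("Windows candidates:", windows_candidates(parse_mbr(sector)))
```

With the constructed sector, the Windows partition is the second entry, so the device to mount would be /dev/hda2 rather than /dev/hda1. Logical partitions inside an extended partition are not followed here.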



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175
