Safe and Secure

The distribution places particular emphasis on data recovery. Therefore, it comes with many tools for the maintenance and care of mass storage. For this purpose, the System submenu harbors the Show Filesystems, GParted, Partimage, and Testdisk entries.

Show Filesystems opens a terminal and calls fsarchiver; the Partition Image ncurses program hides behind the Partimage entry, which allows you to create images of hard disk partitions in a few steps. Because this is also possible with system partitions, you could have a snapshot available in minutes to restore the original system (Figure 5).

Figure 5: Old-fashioned, but useful: Partition Image clones any partitions and restores them if necessary.

The GParted graphical program allows you to edit partition tables of mass storage devices; the software can handle a number of different filesystems and includes external storage media, if required. The current versions of the SystemRescueCd contain GParted in the new 5.x version, which also gets along with the modern Btrfs filesystem.

The powerful terminal program Testdisk is suitable not only for reconstructing partitions, but also for restoring the boot sector of mass storage devices in case of accidental or malicious boot sector destruction. The graphical program Grsync helps with file and directory synchronization. The application is based on the Rsync command-line tool and uses its most important parameters (Figure 6).

Figure 6: The small Grsync tool synchronizes your data with just a few mouse clicks. It is based on Rsync, the well-known sync software.

The Rsnapshot command-line program, which is also based on Rsync, creates snapshots of entire partitions – much like Partition Image. It is also suitable for the use of an external USB hard disk as a backup medium. With multiple snapshots on a single target medium, Rsnapshot only saves copies of unchanged files once; it then uses hardlinks to these files in subsequent snapshots, saving storage space. However, newer backups inevitably depend on the older ones – if they are missing, the reconstruction fails. Search for Rsnapshot in the SystemRescueCd menus in vain – the software is called directly from the command prompt.

Despite its name, the tob (tape-oriented backup) shell script not only saves data on tape, but also on conventional filesystems. Its numerous options are revealed by the tob --help command.

Photorec, which is also called in the terminal, teams up with Testdisk for data reconstruction. The duo restores accidentally deleted data or data that is no longer accessible because of a hardware defect. Although its name suggests otherwise, Photorec is not limited to restoring digital images: It also knows many other file formats and reconstructs them.

Extra Equipment

For performance comparisons between individual hardware components or complete computer systems, SystemRescueCd comes with a number of prominent benchmark programs. The most popular, Bonnie++ and Stress, are launched in a terminal window and thus don't appear in the Xfce menus.

By measuring the read and write throughput of mass storage devices, Bonnie++ can provide information on possible hardware defects in the event of poor system performance. On the other hand, the Stress benchmark tool creates high load on various hardware components (e.g., CPU, memory, bus). Like Bonnie++, you control the stress level through a variety of parameters (see the list with stress --help); htop then lets you see how much stress the system is under.

SystemRescueCd also comes with some forensic programs, including chkrootkit, which scans the computer for hidden malware that opens a back door for attackers, and CmosPwd, which reveals BIOS passwords. Because these passwords are stored in EEPROM modules on many computers, especially notebooks, unrestricted access is not possible. For experienced users, CmosPwd offers a way to read or modify passwords. However, it primarily considers older BIOS variants and cannot cope with newer versions, especially (U)EFI systems [3].

Magic Rescue is a useful tool for reconstructing file content. However, the software does not use the filesystem allocation tables but relies on "magic numbers," which are located in the header of the respective files and denote the file type. As a result, Magic Rescue works even with corrupted or destroyed file allocation tables. The command-line program Foremost also recovers damaged or deleted files by using Magic Rescue information from the standardized file headers and footers.

SystemRescueCd also allows a more comprehensive analysis of network access with the standard console tools Nmap, Traceroute, Netcat, and Netselect; graphical packages such as Zenmap and Wireshark are missing. Therefore, if you have network-specific problems, it is better to use specialized distributions like Wifislax [4] or Kali Linux [5].

Conclusions

SystemRescueCd v5.0.4 is fast, stable, and contains hardly any unnecessary ballast. The developers have removed software that is not critical to its mission, as well as several programs with overlapping functions. The resource-saving Xfce desktop and a concentration of proven command-line tools allow SystemRescueCd to be used on computers with old or incompatible graphics hardware.

The developers have taken great care in putting the system together. For example, the latest updates have improved many central programs and replaced less powerful applications with better ones. The integration of tools from other operating system worlds – including DOS applications that can be started separately – also makes SystemRescueCd ready for data recovery in a heterogeneous environment.