Hello, I have been trying to wade through the FAQs but I must hurry since I am not sure I will be able to get back on if I turn off the computer. A few hours ago, I got a CRC error on my hard drive when trying to log in - Windows System Restore worked, but that won't help a CRC error / hard drive failure for long.

So I am hoping that I can use Knoppix to make an exact copy of my hard drive, is that true? I would want to save the entire disk image to my other computer over the network. I cannot find anything in the FAQs that would let me do this, maybe I am searching for the wrong thing ( "disk image" KNOPPIX NTFS ) or Knoppix will not let me do this. Then when I get a new hard drive I could restore my files. I am not worried about a few corrupted files, but I understand that sometimes an image cannot be made if it cannot access the sector, is that true?

Anyhow if anyone can point me towards a FAQ or give me a simple list of things to keep in mind I would appreciate it :)

I don't have immediate access to a step by step, but I have done it in the past.

Command line after getting the network connections. Check ncat man pages for details on ncat. There is also a cryptcat or some such which will encrypt/decrypt the stream sent over the network. Probably overkill if you are on a small, secure network

Boot Knoppix on the bad machine,

Get network access

Boot Knoppix on the receiving machine

Get network access

Use ncat in a listening mode (needs at least a port number, and maybe a sending ip address) and pipe its output to an image file.

go back to the problem machine

use dd to copy the partition to stdout.

Pipe this through gzip

Pipe the output of gzip into ncat configured as a sender to the listening ncat on the receiver.

My memory is it requires ip address and a high port number

This will produce a zipped image of the drive on the receiver which you can expand or place at leisure.

You can track the size of the image in a second console on the receiving machine if you are as twitchy as I am.

the details are in forensic publications or web sites.

an md5sum of the drive for comparison to the new expanded image is not a bad idea.

Good luck

You want to use partimage (http://www.partimage.org). This is a console (ie. command line) utility; there may be a gui for it, but I find it pretty easy to use as is.

Open a root console, then type 'partimage /dev/hda1' (/dev/hda1 is the first partition on your master hard drive; typically your Windows XP partition). You'll go through a series of dialog boxes; pick out the backup options, choose gzip compression (bzip does not work with NTFS), and save your partition image file to a sufficiently large hard drive space (a second hard drive is best, formatted with a linux filesystem like ext3 or reiserfs, NOT fat32 or ntfs).

To restore the partition, just run 'partimage /dev/hda1', except choose the restore options. Remember, your target partition must be the exact same size as your original partition.

I've done this with my Windows XP NTFS partition and it works well. I imaged a Windows XP partition on a 40 GB notebook harddrive (it was actually /dev/hda2 since /dev/hda1 had all the pre-installed Windowx XP oem system recovery files), then restored it to a 40 GB partition on a new 80 GB harddrive (the rest of the new hard drive has an Ubuntu install). Now I happily dual-boot!

The only hiccup is that when you restore your Windows XP partition, you must then boot your Windows XP system recovery CD and restore your MBR (master boot record) from the recovery tools. If you want linux on the same hard drive, install it or run grub/lilo AFTER restoring the Windows XP MBR.