Friday, August 11, 2017

Recover Your Data From an Old Hard Drive

A friend's laptop recently died a quick and sudden death of sorts. When she tried to boot the machine, it went into the Windows System Recovery Options menu. I tried to advise her on how to run the Startup and Operating System (OS) repairs, but Windows gave her the big ol' single-digit salute.



The Startup Repair didn't find any errors to repair. All tests passed without error.

The System Restore wouldn't work since she didn't have any restore points to restore from.

The System Image Recovery wouldn't work since she didn't have a recovery CD.

On most Windows computers, you have the option of pressing F2 to go into the BIOS, and F8, F10, and / or F12 will normally give you access to one or another boot options menu.  Not this time. Each time she rebooted, it went straight into the Windows System Recovery mode.

Dell computers will allow you to run the Dell Enhanced Pre-Boot System Diagnostics (ePSA), but not all brands offer that option. ePSA can be a very useful tool for isolating hardware issues from OS issues. I use it fairly often at work.

But, I digress.

The OS was toast and refused to allow her to run any repairs. She had the laptop for about 5 years, which is within the normal 3-to-5-year life expectancy for a laptop, and opted to buy a new one. Which brings us to the point.

Windows offers several means of using USB or Ethernet cables to transfer your profile and data from your old computer to your new computer (Windows Easy Transfer). But, if the OS won't boot, you can't very well do that. So, how do you recover your old data? An external USB or eSATA connection.

In almost every case where I've had or seen a laptop die, the hard drive (HDD) was still usable. The deaths were usually caused by some other hardware failure. Even if the HDD wasn't able to boot as a main drive, it could still be slaved for data recovery - and later for data storage. The easiest way to do that is an external case.

Unless you have a legacy system, most HDDs and Solid-State Drives (SSD) nowadays are SATA interface. You can easily find an external case or adapter that allows you to plug in an old HDD / SSD to a USB 2 or USB 3 port, or eSATA if you have a port for that.

This is the last external case that I bought. I'd say that the price is pretty reasonable - if you can put a price tag on recovering your data from a dead computer.
If you have several drives, you can get a device like this that lets you use a single device to access multiple drives (one at a time):

I have a pair of adapters like this at work that I use for wiping and testing old HDDs. They're good for SATA and IDE drives:
I'm not trying to sell any specific make / model; just providing examples.

It can be a lot easier if you have a desktop computer and have a vacant drive bay. You can simply insert the old HDD / SSD into an open bay, attach the SATA and power cables, and configure Windows to access the drive as a secondary drive.

Now that you have it connected, how do you recover your data? It's really pretty simple if you're talking about standard files. Recovering a database, for example, can be more complicated (we're not covering that here).

Windows XP Folder Structure
  1. For WinXP:
    1. Open Windows Explorer / File Manager.
    2. Double-left-click on the drive that you want to access.
    3. Double-left-click on the "Documents and Settings" folder.
    4. Double-left-click on the folder named with your username.
      1. Desktop: contains all the folders, files, shortcuts, etc. on YOUR desktop (not the "All Users" desktop).
      2. Favorites: contains all of the URL shortcuts for your Internet Explorer Favorites.
      3. My Documents: contains all of your documents; plus folders for your pictures and music files.
      4. Start Menu: contains any Start Menu shortcuts specific to your account.
    5. Double-left-click on any of the folders to access them.
    6. View, select, and copy any or all of the files from that folder to a folder in your new profile on the C: drive (main OS drive).
Windows Vista, 7, 8 / 8.1, and 10 Folder Structure
  1. For WinVista, Win7, Win8/8.1, or Win10:
    1. Open Windows Explorer / File Manager.
    2. Double-left-click on the drive that you want to access.
    3. Double-left-click on the "Users" folder.
    4. Double-left-click on the folder named with your username.
      1. AppData: contains user-specific information for various programs such as Outlook, Internet Explorer, Chrome, etc.
      2. Desktop: contains all the folders, files, shortcuts, etc. on YOUR desktop (not the "All Users" desktop).
      3. Documents: contains all of your documents; plus folders for your pictures and music files.
      4. Downloads: the default folder for Internet downloads.
      5. Favorites: contains all of the URL shortcuts for your Internet Explorer Favorites.
      6. Links: contains links to things like the Desktop, Downloads, Google Drive, etc.
      7. Music: the default folder for digital music files.
      8. Pictures: the default folder for digital images.
      9. Saved Games: the default folder for game save files. (I've never had a game program use this for save files).
      10. Videos: the default folder for digital video files.
      11. Other folders as dictated by the programs you have installed:
        1. OneDrive
        2. Google Drive
        3. VMware or VirtualBox VM folders
    5. Double-left-click on any of the folders to access them.
    6. View, select, and copy any or all of the files from that folder to a folder in your new profile on the C: drive (main OS drive).
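The copy step above, done from the command line instead of by hand, as an added example that is not part of the original post. It uses ROBOCOPY (built into Vista and later) to copy the data folders listed above from the slaved drive into the current user's profile on the new machine, and it handles the two things that bite people when they drag an old profile across in Explorer: the hidden junction points ("My Documents" and friends) that loop back into the profile, and the old NTFS permissions that reference an account which no longer exists. The drive letter E: and the account name "olduser" are placeholders I chose; change them to match your setup.

```batch
@echo off
rem Added example, not from the original post: copy the recoverable profile
rem folders from a slaved drive into the current user's profile with ROBOCOPY.
rem Assumptions: the old drive is mounted as E: and the old account was named
rem "olduser"; both are placeholders to change before running.
setlocal
set "OLDDRIVE=E:"
set "OLDUSER=olduser"
set "SRC=%OLDDRIVE%\Users\%OLDUSER%"
set "DST=%USERPROFILE%"
set "LOG=%USERPROFILE%\Desktop\recovery-%OLDUSER%.log"

rem Windows XP keeps profiles under "Documents and Settings" instead of "Users".
if not exist "%SRC%" set "SRC=%OLDDRIVE%\Documents and Settings\%OLDUSER%"
if not exist "%SRC%" (
    echo No profile folder for %OLDUSER% was found on %OLDDRIVE%.
    exit /b 1
)

rem ROBOCOPY switches used below:
rem   /E         copy subfolders, including empty ones
rem   /XJ        do not follow junction points; on Vista and later the old
rem              profile contains "My Documents" and similar junctions that
rem              point back into the profile and would loop forever
rem   /COPY:DAT  copy data, attributes and timestamps but not the old NTFS
rem              security descriptors; this is the default, spelled out so
rem              it is clear the copies inherit the new profile's permissions
rem              instead of carrying the old account's SID
rem   /R:1 /W:1  retry a failing, possibly damaged, file once and move on
rem   /NP /TEE   no progress percentages; echo output to console and log
rem   /LOG+      append everything, including failures, to one log file
set "OPTS=/E /XJ /COPY:DAT /R:1 /W:1 /NP /TEE"

rem Only the data folders are copied. AppData holds program caches, saved
rem passwords and mail profiles and is better migrated per application.
for %%F in (Desktop Documents Downloads Favorites Music Pictures Videos "Saved Games") do (
    if exist "%SRC%\%%~F" (
        echo Copying %%~F ...
        robocopy "%SRC%\%%~F" "%DST%\%%~F" %OPTS% /LOG+:"%LOG%"
    )
)

rem XP used "My Documents" where later versions use "Documents".
if exist "%SRC%\My Documents" robocopy "%SRC%\My Documents" "%DST%\Documents" %OPTS% /LOG+:"%LOG%"

echo Done. Check "%LOG%" for any files that could not be read from the old drive.
endlocal
```

Run it from a Command Prompt on the new machine after the old drive shows up with a letter. ROBOCOPY returns an exit code of 8 or higher when something could not be copied, and the log names each such file, which is usually your first hint that the old drive has bad sectors. If the new account is denied access to some of the old folders because of the old permissions, run the script from an elevated prompt and add the /B switch (backup mode) to OPTS; it reads files regardless of their ACLs.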
What you do with the drive afterwards is up to you, but you should bear in mind the condition of the drive. If it's in good operating order, and only the OS was toast, you could format the drive and use it for portable external storage. I have one that I use for external storage of my MSDN ISOs, and another that I use for my file backup. I have several more on-hand "just in case".

If the drive came out of a 5-year-old laptop, and you have reason to doubt its integrity, you might want to pitch it, but not before making sure your data is GONE.

Many laptop drives use glass-like platters with magnetic foil, and SSDs contain silicon chips like flash drives. You can usually destroy them by playing Thor and pretending that your sledge hammer is Mjölnir. It's fun AND cathartic.

Desktop hard drives usually have metal platters and may need to be physically disassembled or otherwise destroyed.

You can use something like KillDisk to wipe the drives, or - if you really want to be sure that no one gets their digital fingers on your data - you can find a service to degauss, shred, or chemically destroy your drive. Thermite grenades work well, too, if you're in a job that allows you access.

As always, I'm open to questions and constructive comments. Your feedback is welcome.

Sunday, July 9, 2017

Windows Command Line Interface - An Introduction

Getting this blog off the ground has been a challenge. I went for over two years without a post. In an effort to make it work, my goal will be to have a new post each Sunday evening. I'll do my best to come up with useful topics for each post. Since there are no less than three currently in-use Windows operating systems, I'll try to include articles about each (Windows 7, Windows 8 / 8.1, and Windows 10). If you have questions, or recommendations for topics, please send me an email or leave a comment.

Now, on with the show . . . .



Long before Windows and its graphical user interface (GUI), really smart people used a command line interface to operate computers. One of the most popular, most profitable, and most widely-known operating systems in those days was the Microsoft Disk Operating System, more commonly known as MS-DOS. Early users and administrators of business and home computers are probably still familiar with MS-DOS. I know people who still prefer to use the Command Line Interface (CLI) and PowerShell whenever possible to manage servers.


(Side note: I realized that I was a computer geek in the early 90's when I would BS with friends about MS-DOS, Windows, and computers in general. They still make me look like a n00b.) 

Here's a really short version of the evolution of MS-DOS and Windows (not all-inclusive):
  • August 1981 - MS-DOS was officially released; its market base grew significantly because it was commonly installed on IBM-compatible PCs by the manufacturer and sold as the OEM OS.
  • November 1985 - MS Windows 1.0 released. MS-DOS was the disk operating system; Windows was the operating environment that ran on DOS and used a framed graphical user interface (GUI) for users to access files and programs. The framed GUI made it easier and more popular for average people to use computers because they didn't have to be proficient with the DOS CLI. Windows 3.0, released in May 1990, was the first experience many users had with computers. It gave MS a major foothold in the growing PC industry.
  • August 1995 - Windows 95 released; the paradigm was reversed: Win95 was the OS and the CLI became a management application within the Windows OS; all subsequent versions of Windows use this model.
  • September 2000 - MS-DOS 8 released; final version of stand-alone MS-DOS.
(Check this page out for a more detailed history of the MS Windows OS: The History of Windows Operating Systems.)

This post isn't intended to spark debate about which disk operating system was first or which one is best. Nor is it intended to provide a full-blown course on the CLI. My intent is to address some of the more commonly-used CLI commands. All of these commands can be used by casual and novice users without fear of damaging anything. None of these commands will change anything on your computer. These commands will either help you navigate via the CLI, or will provide you with information about your computer.


The easiest way to launch the CLI is to click on your Start button and type "cmd" into the "Run" box and press <Enter>. This will launch the CLI using your current logon as the operator. There may be access limitations if you're not logged on as a local administrator. The default directory will be your home directory / folder as shown below:




Another easy way to launch the CLI is to click the Start menu button and type "cmd" into the "Search" box. Right-click on "Command Prompt" and then left-click on "Run as administrator". That will allow you to run the CLI with elevated permissions. The "home" directory for launching the CLI this way is "C:\WINDOWS\system32", as shown here:




In both cases, the OS name, version, and copyright are displayed on the first two lines of the CLI. If you type "winver", and then press <Enter>, you'll see a pop-up like below that provides all the necessary info about your OS. As you can see, I'm running Windows 8. But if you read further, you'll see that I'm specifically running Windows 8.1 Pro with Media Center and that it's version 6.3:





The redacted line is just the email account that the OS is registered to that I used to log into my laptop.

I originally started writing this post in February 2015. I upgraded my laptop 3 times since then and am now running Windows 10 Creators Update.




Here are several more useful CLI commands. Unlike some of the CLI commands for Linux and Unix OSes, these commands are not case-sensitive. I typed them in all caps for emphasis.

WMIC BIOS GET SERIALNUMBER should show you the serial number for your computer as embedded in the BIOS (Basic Input/Output System), the firmware program that boots your computer before the operating system launches. It SHOULD match the serial number on the label on the back or bottom of your computer.

CHDIR displays or changes the current working directory. This should match the path listed in the command prompt itself.

DIR lists the contents (folders and files) of a folder.

DIR /P will list the contents of the current working folder, but will pause after a certain number of items and prompt you to press any key when you wish to proceed.

CD changes directory.

CD .. (cd, space, two periods) navigates up one folder level.

CD\ (cd backslash) navigates from the current directory to the root of the current drive.

CD USERS changes from the root of the C: drive to the Users folder. This is where the user profile folders are stored on that computer. Each user who has logged on to that computer with a unique username will have a user profile folder. Once in this folder, you can run the DIR command to see a list of the user folders. You can CD into the folder with your username, run the DIR command again, and see folders such as "Documents", "Downloads", "Music", etc. The names may vary slightly depending on which version of Windows you're running.

<drive letter>: (ex: x:) changes from the current working drive to the specified drive letter. In this example, the command X: changes from the C: drive to the X: drive, which is one of my external hard drives (HDDs). The command C: changes from the X: drive back to the C: drive in the working directory that I had last navigated to.



CLS clears the terminal screen returning it to a blank screen with only a command prompt showing.

CHKDSK is a diagnostic command that scans the specified HDD for file system errors and reports them; run with no switches it only reads the volume, and it is the /F switch that tells it to fix what it finds. You can use the command to scan attached HDDs without rebooting; however, if you run CHKDSK /F on the C: drive, it will tell you that the volume is in use and that the scan will have to be performed during the next system reboot.

SCANDISK is an older version of CHKDSK from Windows 95 and 98 (Win9x) and works similarly.

IPCONFIG displays the basic network configuration of your computer.


IPCONFIG /? displays the usage and syntax of the IPCONFIG command. /? can be placed after most base commands to see their usage and syntax.


IPCONFIG /ALL displays more detailed network configuration information.


IPCONFIG /ALL > IPCONFIG.txt sends the output to a text file named "IPCONFIG.txt" in the folder where your CLI command prompt is currently located.


ROUTE PRINT displays the basic routing information stored in your computer.


ROUTE PRINT >> IPCONFIG.txt appends the ROUTE PRINT output to the "IPCONFIG.txt" file without overwriting the IPCONFIG output.


PING sends a test signal out to an IP address, computer name, or Internet URL. Used to troubleshoot possible network connectivity issues. Ex: ping www.google.com.


TRACERT (trace route) is used similarly to the PING command to show the route "hops" taken from your computer to the destination device. The base command is followed by an IP address, computer name, or Internet URL. Ex: tracert www.google.com.


Here you can see and compare the results of the ping and tracert to www.google.com. The time-outs are servers that probably have Internet Control Message Protocol (ICMP) disabled, so they're not returning a ping response.



NETSTAT displays protocol statistics and current TCP/IP network connections.


NSLOOKUP [computername] queries local DNS and returns the IP address currently assigned to the named computer. All computers maintain a local DNS cache of other computers that they've communicated with, but this command really only works if your computer is in a domain and you're looking up other computers in that same domain.


NSLOOKUP [web address] queries external DNS (usually web-based) to return the IP address for the specified web address / URL.
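The information-gathering commands above, put together into one batch file, as an added example that is not from the original post. It writes each command's output into a single report on the Desktop, using > once to create the file and >> for everything after it, which is exactly the IPCONFIG / ROUTE PRINT trick described earlier, applied to the whole list. Like the commands themselves, it changes nothing on the computer; it only reads and records. The report name, the VER command (which prints the same version number winver shows, but to the console), the NETSTAT switches and the host looked up at the end are my own choices.

```batch
@echo off
rem Added example, not from the original post: gather the read-only diagnostics
rem described above into one report file using > and >> redirection.
rem Assumptions: report location and the host queried with NSLOOKUP are mine.
setlocal
set "REPORT=%USERPROFILE%\Desktop\sysinfo-%COMPUTERNAME%.txt"

rem ">" creates the file, overwriting any previous report of the same name.
rem Every line after this one uses ">>" so each section is appended.
echo ==== Report for %COMPUTERNAME% generated %DATE% %TIME% ==== > "%REPORT%"

echo.>> "%REPORT%"
echo ==== BIOS serial number ==== >> "%REPORT%"
wmic bios get serialnumber >> "%REPORT%"

echo.>> "%REPORT%"
echo ==== Windows version ==== >> "%REPORT%"
ver >> "%REPORT%"

echo.>> "%REPORT%"
echo ==== IP configuration ==== >> "%REPORT%"
ipconfig /all >> "%REPORT%"

echo.>> "%REPORT%"
echo ==== Routing table ==== >> "%REPORT%"
route print >> "%REPORT%"

echo.>> "%REPORT%"
echo ==== Active connections and listening ports ==== >> "%REPORT%"
rem -a includes listening ports, -n skips slow name lookups,
rem -o adds the process ID that owns each connection.
netstat -ano >> "%REPORT%"

echo.>> "%REPORT%"
echo ==== DNS lookup of www.google.com ==== >> "%REPORT%"
rem 2>&1 sends NSLOOKUP's error text into the report as well.
nslookup www.google.com >> "%REPORT%" 2>&1

echo Report written to "%REPORT%"
rem Quick check that the report captured the network adapters:
rem IPCONFIG /ALL prints one "Description" line per adapter.
findstr /C:"Description" "%REPORT%"
endlocal
```

Save it as something like sysinfo.cmd and run it from a Command Prompt; the report then shows up on the Desktop and can be opened in Notepad or attached to an email to whoever is helping you troubleshoot. Because every section is appended with >>, running it again only overwrites the report at the first line, so you never end up with half of one run and half of another.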


Sources:

Books:


Windows Command-Line Administrator's Pocket Consultant, 2nd Edition - I used this one while attending Capital Area Technical College and still use it occasionally.

Windows PowerShell 2.0 Administrators Pocket Consultant - I used this one while attending Capital Area Technical College, but don't use it as often. I'm lazy and prefer to use the GUIs when possible.

Web Sites:

MS-DOS overview - Microsoft's official MS-DOS page as it relates to WinXP.


MS-DOS - Wikipedia article on MS-DOS



Microsoft Windows - Wikipedia article on the history and evolution of MS Windows.

List of DOS commands - Wikipedia article on common MS-DOS commands; the use of the commands is explained, but not so much the proper syntax.



DOS Commands: A Complete List of MS-DOS Commands - A much more thorough reference for MS-DOS commands, usage, and proper syntax.

15 CMD Commands Every Windows User Needs To Know.


18 Useful Command Prompt Tricks You Might Not Know

Monday, June 12, 2017

New Type of Malware / Spyware Attack Launches By Hovering Over Hyperlinks

There’s a new method of launching malware infections that only requires the victim to hover over an embedded hyperlink. The attack has been seen in emails, various MS Office files, and even on infected web pages. When a victim hovers over the hyperlink, a PowerShell script tries to download and install the malware – a Trojan horse, in this case, which opens a back door to the infected computer.

Older versions of MS Office are particularly susceptible. Newer versions of Office launch a security dialogue that prompts the user to enable or disable the script. Clicking the “Disable” button blocks the script from running. Many users, though, clicked the “Enable” button thinking it would make the dialogue go away. It ended up infecting their computers. Computers running MS Windows are primarily vulnerable. PowerShell is not natively installed on Apple or Android devices, so they’re less susceptible to this type of attack.

You can read more in the following articles. The hyperlinks are safe; I put them in the email myself. But, if you prefer, you can do a Google search using the string “powerpoint banking trojan hover”. The first article below is the one that was brought to my attention over the weekend. The second is a Trend Micro blog article with more detail. The third is apparently the original article that brought the threat to everyone’s attention. FYI – it’s very technical.