Making a backup of your Windows computer is one thing – restoring it is another. If the system does not boot anymore, how do you restore it? Reinstalling Windows is a pain – if for no other reasons because you have to reactivate it with Microsoft. Here I present a method I like.
You need a Live-Linux-system. Any version of Ubuntu on a bootable CD or USB key will work, but if you prefer some other Linux live CD use it. I assume you use Ubuntu.
Linux can easily access you entire harddrive (or a partition) as one large file. This “file” can be copied to an external hard drive, or send over the network to another computer.
What drive to backup?
Linux hard drives are called /dev/sda, /dev/sdb, /dev/sdc etc. You need to figure out which drive contains your windows system. The USB key you booted from will also show up as a hard drive. If you insert an external USB drive to backup to, it will also show up as a hard drive.
Run fdisk to see your hard drives and their partitions:
freke@freke:~$ sudo /sbin/fdisk -l
Disk /dev/sda: 120.0 GB, 120000000000 bytes
255 heads, 63 sectors/track, 14589 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x19411940
Device Boot Start End Blocks Id System
/dev/sda1 1 32 257008+ 83 Linux
/dev/sda2 * 33 46 102400 7 HPFS/NTFS
Partition 2 does not end on cylinder boundary.
/dev/sda3 46 7682 61337600 7 HPFS/NTFS
/dev/sda4 7682 14589 55482974+ 83 Linux
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000bd89d
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 62 497983+ 83 Linux
/dev/sdb2 63 548 3903795 82 Linux swap / Solaris
/dev/sdb3 549 2372 14651280 83 Linux
/dev/sdb4 2373 121601 957706942+ 83 Linux
Disk /dev/sde: 32 MB, 32473088 bytes
255 heads, 63 sectors/track, 3 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0030bb16
Device Boot Start End Blocks Id System
/dev/sde1 * 1 4 31680+ 4 FAT16 <32M
Partition 1 has different physical/logical endings:
phys=(2, 254, 63) logical=(3, 241, 46)
The above example contains a lot of information you dont need. But, you can see there are three drives:
- /dev/sda, 120Gb
- /dev/sdb, 1000Gb
- /dev/sde, 32Mb (a little memory card)
Typically, just by the size, you can figure out what drive is your Windows system drive that you want to backup. If you found your drive and want to backup all of it, you can skip the next two sections (about partitions and the MBR).
What partitions to back up
Hard drives can be partitioned into different pieces. There are different purposes for this, for example:
- You install Linux and Windows side by side and dual boot
- You have one (smaller) partition for the system, and a separate partition for data, so you can reinstall/recover the system without touching your own files
- Linux uses a separate partition for swap
In the above example, the 120Gb system hard drive contains four partitions:
- A little Linux /boot-partition
- A special Windows 7 partition (typically invisible from Windows)
- A Windows 7 system partition
- A Linux system partition
If I wanted to backup this system I can backup the entire 120 GB harddrive (entire /dev/sda). If I just want to backup Windows I can backup sda2 and sda3.
Master Boot Record and Partition table
If you backup all the partitions of a hard drive, you still have not got everything. There is something called MBR (Master Boot Record) that contains the partition table itself, and a little program that starts up operating systems (or boot loaders). Think of it like this:
sda = MBR + sda1 + sda2 + sda3 + sda4
There may be small unused space between the partitions, so the size of the partitions + MBR is typically a little smaller than the entire hard drive. The MBR is exactly 512 bytes (very small), and there is nothing before the MBR on the drive.
If you backup the MBR and the partitions separately, you need to follow this procedure when restoring the system:
- Restore MBR
- Reboot (or force Linux kernel to reload partition table in another way)
- Restore partitions
Backup and recovery using local hard drive
The most natural thing is to backup to a local hard drive. In the example above, I could backup the 120Gb drive to a file on the 1000Gb drive. It is important to understand that we are going to backup an entire drive (or partition) to a file on a filesystem, on another drive. Thus:
- If backing up an entire drive, none of its partitions/filesystems must be mounted
- If backing up just a partition, that partition/filesystem must not be mounted
- The filesystem that you backup to, must of course be mounted
If in doubt what is mounted (or not) use the command mount, with no arguments. Simple example of listing mounts, unmounting and remounting a filesystem (to a different mount point) shown below (some output rows from mount is removed from example)
freke@freke:~$ freke@freke:~$ mount /dev/sda4 on / type ext4 (rw,errors=remount-ro,commit=0) /dev/sda1 on /boot type ext2 (rw) /dev/sdb1 on /media/old-boot type ext2 (rw) /dev/sdb4 on /media/mediadrive type ext3 (rw,commit=0) /dev/sdb3 on /media/old-root type ext3 (rw,commit=0) /dev/sde1 on /media/PSP32MB type vfat (rw) freke@freke:~$ sudo umount /media/PSP32MB/ freke@freke:~$ mount /dev/sda4 on / type ext4 (rw,errors=remount-ro,commit=0) /dev/sda1 on /boot type ext2 (rw) /dev/sdb1 on /media/old-boot type ext2 (rw) /dev/sdb4 on /media/mediadrive type ext3 (rw,commit=0) /dev/sdb3 on /media/old-root type ext3 (rw,commit=0) freke@freke:~$ sudo mkdir /media/myMemoryStick freke@freke:~$ sudo mount /dev/sde1 /media/myMemoryStick/
Now, presume we want to backup the entire sda (120Gb) to some filesystem mounted on /media/backupdrive
$ sudo dd if=/dev/sda of=/media/backupdrive/sda.img
WARNING: the above command is very dangerous. if means input-file and of means output file. Mixing them, or messing them up will Destroy Data. Nobody knows why the command dd is named dd, but one theory is that it means Destroy Data.
Backing up MBR and a few partitions is done like this:
$ sudo dd if=/dev/sda of=/media/backupdrive/sda_mbr.img bs=512 count=1 $ sudo dd if=/dev/sda2 of=/media/backupdrive/sda2.img $ sudo dd if=/dev/sda3 of=/media/backupdrive/sda3.img
Restoring the backups is done by just swapping if and of:
$ sudo dd if=/media/backupdrive/sda.img of=/dev/sda
(or)
$ sudo dd if=/media/backupdrive/sda_mbr.img of=/dev/sda
!! reboot here - check that sda is still sda - mount backupdrive !!
$ sudo dd if=/media/backupdrive/sda2.img of=/dev/sda2
$ sudo dd if=/media/backupdrive/sda3.img of=/dev/sda3
Compression
The backup files can typically be compressed with much success. Compression/uncompression can also be done on the fly, which makes it possible to backup a larger drive to a smaller one (well, you dont know how well it will compress before you try). For example:
$ sudo dd if=/dev/sda | bzip2 > /media/backupdrive/sda.img.bz2 $ sudo su # bunzip2 < /media/backupdrive/sda.img.bz2 | dd of=/dev/sda
Use gzip/gunzip instead of bzip2/bunzip2 if speed is more important than compression rate. I dont like piping much data into sudo, so I prefer to sudo to root instead.
Backup over network
It can be more convenient to make backup to another computer over the network rather than to a local or external hard drive. This is surprisingly easy. If the other computer runs Windows you need to install cygwin for this method to work. Mac OS X is ok.
Backup, server:
$ nc -l 33333 > sda.img.gz
Note, "-p 33333" switch is mandatory on some systems, and forbidden on others. We assume the server IP address is 192.168.0.99. 33333 is a port number, any value from 1025 to 65535 is ok (as long as port is unused).
Backup, client:
$ sudo dd if=/dev/sda | gzip | nc 192.168.0.99 33333
Restore, client:
$ sudo su # nc -l 33333 | gunzip | dd of=/dev/sda
Restore, server (assume client is 192.168.0.98)
$ nc 192.168.0.98 33333 < sda.img.gz
A bonus with compression is that you can verify the integrity of the backup using:
$ gzip -t sda.img.gz (or) $ bzip2 -t sda.img.bz2
This only works if compression is done on the client, but thats where it should be done anyway.
Other things to think about
This method works for backing up Linux systems as well. It should work for Macs as well, but it does not make so much sense because Mac OS X is very easy to install, and to restore everything from Time Machine.
Note that Macs does not use MBR. Modern Windows systems may use GPT (GUID partition table). In that case everything above about partitions probably dont apply.
If you have partitions with numbers 5 and above (sda5, sda6 etc) you have logical partitions. You need to learn about those before trying to back them up.
Restoring to a different hard drive than the original hard drive may not work. Same model and size should be fine. Same size should also be fine. Larger drive could be problematic. And you need to resize or create partitions to use the entire drive. Smaller drive is tricky.
In linux, you can mount an uncompressed partition image easily, with something like:
$ sudo mount -o loop sda2.img /media/windows_image
Compression of random data is inefficient. Compression of large blocks of zero-bytes is extremely efficient. When a file is deleted from a filesystem, the content of the file remains until overwritten. So, writing zeroes to unused space on the drive you backup is a good thing to do before backing it up. One simple way to do this is to fill the hard drive with large files containing just zero, until the drive is almost full, and then delete them. For reasons of fragmentation, you should never fill a Windows NTFS filesystem beyond 90%. In Linux (or Mac OS X) you can create a 100Mb emtpy file, and compress it, this way:
yggdrasil:OnMyMac gt$ dd if=/dev/zero of=100Mb.zeros bs=1m count=100 100+0 records in 100+0 records out 104857600 bytes transferred in 3.126381 secs (33539608 bytes/sec) yggdrasil:OnMyMac gt$ gzip < 100Mb.zeros > 100Mb.zeros.gz yggdrasil:OnMyMac gt$ ls -l total 205000 -rw-r--r-- 1 gt staff 104857600 Mar 25 22:51 100Mb.zeros -rw-r--r-- 1 gt staff 101791 Mar 25 22:52 100Mb.zeros.gz
Planning your Windows system
If you install Windows from scratch, you can do this:
- Install a small Linux system first on the hard drive
- Install Windows to a reasonably small partition (maybe 40Gb for Windows 7)
- In Windows, create a data partition on the large unused remaining space
- Boot into Linux, backup the Windows system partition to the Windows data partition
Now whenever you want to you can restore your Windows system easily, and also make later backups. Everything contained on one computer.
0 Comments.