Re: Image Files - Safety




"Sebastian Gottschalk" <seppi@xxxxxxxxx> wrote in message
news:4ngihgFaeiqgU1@xxxxxxxxxxxxxxxxx
jaygreg wrote:

The Acronis image setting on the external drive I was advised to buy for
backup contains an image file of my computer while it was infected. It also
contains an Outlook .pst and BCM file I need to retrieve. That image file
was scanned by the mechanic who put it there and scanned twice by me with
NOD32. But the file has never been restored to a condition that will permit
me to remove selected files. I'm about to buy Acronis True Image 9.0 Home
just for that purpose (it was created with True Image). I don't know what to
expect when I convert or restore that file. I obviously don't want it
restored in the true sense of the word because the machine it's on has been
reformatted, most of the programs and user files reinstalled, and is running
fine.

Q1) I'd appreciate a comment about what to expect when this file is
converted. I want to make sure it stays on that external drive and doesn't
try to replace what's there now. Of course, I'll read the instructions when
I download the program this morning but I'd like to get a thumbnail sketch
of what to expect from someone who has had experience in this area.

An expert wouldn't use proprietary formats for backups. I'd used 'dd' and
'bzip2', such an image would be easily mountable (and even read-only) under
any operating system.

Q2) Can I feel assured - since the image file has been scanned so often,
that it's safe to copy user files from?

No. You should delete every executable (including DLLs, OCXs, ACMs, AXs and
alike) and you should carefully validate and/or normalize all data (be
aware that just one little number added to a list of financial transactions
can have devastating consequences). Of course, an expert would have a list of
cryptographic checksums of all files from even before the infection, so he
would be able to spot all changes against the trusted state.

An expert wouldn't use proprietary formats for backups. I'd used 'dd' and
'bzip2', such an image would be easily mountable (and even read-only) under
any operating system.<<

I really don't know the level of expertise of the guy. He has a shop... I
had a need at the time... I was up a creek... he said he could help. So he
made an image of the drive. I assume the "dd" and "bzip2" you refer to are
two alternative programs? Why would you use them?

No. You should delete every executable (including DLLs, OCXs, ACMs, AXs and
alike) and you should carefully validate and/or normalize all data <<

I've never used the program so I don't know what to expect. When I get
Acronis installed on my machine, what do I do next? Select the image file
and hit some button that converts it to ... whatever? Or do I just go to the
directory he created, scroll to the directories I think contain what I want
then convert just them? Or search for every file you listed above plus .exe
and delete them?

How do I validate or normalize data?
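
The checksum comparison the quoted reply describes (a list of cryptographic checksums from the trusted state, compared against the recovered files) can be sketched as below. This is an added example, not part of the original thread; the function names, the extension set and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".dll", ".ocx", ".acm", ".ax"}  # types named in the thread

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def compare(trusted, current):
    """Classify files in `current` against the `trusted` manifest."""
    report = {"changed": [], "added": [], "missing": [], "executables": []}
    for rel, digest in sorted(current.items()):
        if os.path.splitext(rel)[1].lower() in EXECUTABLE_EXTS:
            report["executables"].append(rel)  # candidates to discard, not copy
        if rel not in trusted:
            report["added"].append(rel)
        elif trusted[rel] != digest:
            report["changed"].append(rel)
    report["missing"] = sorted(set(trusted) - set(current))
    return report

def demo():
    """Constructed sample trees: 'good' is the trusted state, 'bad' the recovered one."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        samples = {(good, "ledger.csv"): b"100\n200\n", (bad, "ledger.csv"): b"100\n200\n999\n",
                   (good, "notes.txt"): b"same\n", (bad, "notes.txt"): b"same\n",
                   (bad, "helper.DLL"): b"MZ"}
        for (root, name), data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return compare(build_manifest(good), build_manifest(bad))

if __name__ == "__main__":
    print(demo())
```

The comparison is only meaningful if the trusted manifest was recorded before the infection and stored somewhere the infected machine could not modify.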

