We all know that we as web- and computer-natives are some kind of nursery children, playing around with our operating systems (Windows XP, Vista or 7) until they are strewn and stuck with all that digital litter we have "collected" over time. In most cases joy is tempered until you have to reinstall Windows straight from scratch after playing around a little while, finding Windows in some state you cannot use it properly anymore (e.g. misconfiguration of the whole box, infected by malware, installed too many apps and software etc.). In such cases a comprehensive backup of a well installed and preconfigurated Windows-box (including all drivers, patches, software you needed at time of creation) seems to be worth one's weight in gold.
In general the solution is really simple: Create a beautiful plain installation of Windows and basic applications you always need and then build a so called image dump of that 'little something'. Having the image you're now in some kind of "god mode" and armed to have fun: You can play around, install and test software of any kind, install, test and analyze malware ... do stuff you should not do ... and! If you are done, just take that lovely image dump, restore it and it's like nothing happend.
Well, there are a lot of commercial tools out there to supply your need of an imaging tool. But wait a minute! Why should one spend about 50-100 bucks for something you could get for free? Yepp, for F-R-E-E!
Using one of the current well known Linux-distros you can achieve the same thing by just typing some magic lines into the console. And for my Windows fan boys Linux additionally proves that it is good for something.
ADVICE: THE FOLLOWING DESCRIPTION IS RAW AND UNCUT - USE AT YOUR OWN RISK! IN NO EVENT SHALL I BE LIABLE FOR ANY DAMAGES CAUSED IN ANY WAY OUT OF THE USE OF THE FOLLOWING DESCRIPTION.
Having said this we can now move on. First boot up some Linux Live-System (e.g. try http://www.xubuntu.org or http://www.knopper.net/knoppix/) and fire up a console. Lets assume your target NTFS volume is located at /dev/sda1. It could also be /dev/sda2, /dev/hda1 or /dev/hda2, so make sure that you adjust the lines below fitting your envrionment. Notice: Mount the volume in first instance and check its content to catch the right NTFS volume. Perform the following steps to create a NTFS-image dump out of it and/or to restore one:
Before we build any image make sure you are a super-user by executing
Using sfdisk with the -d option we can get a dump of the current partition table in a regular file, and if needed we can restore it from that file:
sfdisk -d /dev/sda1 > sda1.partition (if necessary use --force)
and to restore the partition table:
sfdisk /dev/sda1 < sda1.partition (if necessary use --force)
To backup the boot sector use the dd-utility:
dd if=/dev/sda1 of=sda1.boot bs=512 count=1
To restore the boot sector:
dd if=sda1.boot of=/dev/sda1 bs=1You might unmount /dev/sda1 before using ntfsclone to perform the following steps. Build a backup image straight from a NTFS-volume into a compressed image file by executing the following line:
ntfsclone --save-image -o - /dev/sda1 | gzip -c > sda1.img.gz
Restore a NTFS volume from a compressed image file:
gunzip -c sda1.img.gz | ntfsclone --restore-image --overwrite /dev/sda1 -