Favorite "Quick and Dirty" Linux Distro

britechguy

Today has been one of the busiest days I've had in many, many moons, and what's even stranger is that none of the calls so far have been about new computers that need setting up, but old ones with various issues.

The call that triggers this query is one from someone who was in the process of falling for what I have to presume was going to be a ransomware scam, realized it while it was still happening and before anything appears to have been encrypted, and who shut her computer down immediately.

I will not, under any circumstances, try booting to Windows on a machine like that. My first thought was to fire it up using a bootable Linux to see what's there and to try to copy off the user data. Another option, of course, is pulling her system drive and having a look at it attached as an external drive to one of my machines that's not connected to the internet or my WiFi at the time. If there are opinions about these options, or any others, they would be appreciated.

But I started this topic because very often, when I want Linux for a purpose such as this, it can be minimal (but still with a GUI). Some Linux distros are simply massive, and I'm curious about what favorites others here may have when a "basic Linux for poking around" is all that's needed.
 
I would just use a WinPE, like Strelec WinPE, and back up the data or image the drive. If I needed to use Linux, I'd just boot Mint on a USB drive using Ventoy.
 
I have a bootable USB for Linux Mint Cinnamon v19.2, which should be plenty sufficient for the intended purpose.

I generally use Rufus for creating bootable media, but I'll take a look at Ventoy, as I'm always curious about other options.
 
If I have my doubts about what condition a M$ machine is in, in others as @britechguy said, possible scam/ransomware I'd never start with a WinPE. You don't know what might have happened on the machine. Often M$ will happily parse certain files, like autoruns. To properly address that you'd have to mount the drive read only which is not a default. It's pretty much impossible for a *nix to parse a M$ script or binary so I'd not worry about mounting it r/w first time around. Once I'm happy that whatever I get is clean I'll use a PE. Personally I find the Gandalf "donation" to be reasonable. Have yet to look at Strelec's. My go to Utility Linux distro is partedmagic, again worth the fee. Kali is also very good but not so intuitive. But the price is right - free.
 
I've run Puppy, Tiny Core, Bodhi, etc. and it's just not worth not having all the toys and tools available that a regular Linux distro brings. These days I'd rather run a full distro with a light front end than put up with the tiny distros that are out there. To that end I have a few installs of Mint xfce but use the full Mint Mate for most drive recovery and salvage.
 
If I have my doubts about what condition a M$ machine is in, in others as @britechguy said, possible scam/ransomware I'd never start with a WinPE.

And that's pretty much my feeling, even if it's not based on anything rational (and if it isn't, I'm sure we'll hear about it).

It's just so much easier to avoid "Windows involvement" altogether until you have, at the very least, done a user data backup.

This client has no issue with a nuke & pave, provided she has her user data (which I need to check whether it's damaged/encrypted or not). She'd also like to have her browser bookmarks, but I can't ensure those are coming back and I don't know if browser sync was in use or not.

It's an older EliteBook 8560P, and while I haven't consulted the service manual yet, it looks like there is a removable service panel that covers the majority of the bottom of the unit. That would make it much easier to pull the drive and connect it externally if necessary.
 
Just fired up my other laptop with Linux Mint, and it worked perfectly and I remembered a lot more about the "look and feel" than I thought I might have.

I've also just fired up the client laptop using same and am copying off all of the user data she's got.

I don't see much point in even trying to image the drive as after an incident like this I would not trust it at all, anyway.
 
MX Linux is small and fast and also a "Live" distro.
Great for older or low resource PC's, looks good and is full featured.
Being based on Debian is a huge plus.
Runs like a gazelle on new PC's too.
 
Another vote for pulling the hard drive from your customer's machine and accessing it via a docking station. As for using Windows vs. Linux to access the pulled drive, as I understand things, there is no way for any (malicious) software on the drive residing in the docking station to affect your booted Windows machine unless you double click on an executable file. But, you folks have demonstrated to me time and time again that you know so much more than I do. Best of luck with this one.
 
Pop OS! from System 76 is quite nice. NTFS support is built in so you are good to go, plus it supports a good variety of hardware.

I have a custom WinPE I built from Windows 8.1 that ignores file permissions and allows me quick access to files without taking ownership. Great for when apps try and take ownership and mess with stuff.
 
I understand things, there is no way for any (malicious) software on the drive residing in the docking station to affect your booted Windows machine unless you double click on an executable file.

While I agree that this is the case in a very great many cases, it's not always. But I fall into the same thinking you do, as I have never had any external drive (even those I knew to be hideously infected) do anything to the machines being used to clean them up when they were hooked up externally.

That being said, I don't like using Windows in any capacity with a possibly infected drive, so I will generally use a bootable Linux instead. And it does save pulling drives in a lot of cases, and it did in this one. I copied the data off using Linux, and then did a Windows Defender scan on that data on the external drive to which it had been copied on another machine (which is pretty much what you've proposed with the drive pull).

I just did the planned nuke & pave on the source machine, as I simply will not ever trust a machine, even that comes back clean on multiple scans, that has been involved in a remote access by unknown third parties situation.
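A sketch of the "is the copied data damaged/encrypted" check mentioned earlier in the thread, as an added example and not code from any poster: it walks a folder of copied user data and flags files whose leading bytes do not match their extension, or whose content is near-random under an unfamiliar extension. The file names, the 7.9 bits/byte threshold and the sample data are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Well-known leading bytes for common user-data formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".jpeg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04",
         ".xlsx": b"PK\x03\x04"}

def shannon_entropy(data):
    """Bits per byte: about 8.0 for encrypted or compressed data, far lower for text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_file(path, sample=65536):
    """Return 'ok', 'bad-signature' or 'high-entropy' from the first `sample` bytes."""
    with open(path, "rb") as f:
        head = f.read(sample)
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is not None:
        return "ok" if head.startswith(sig) else "bad-signature"
    # Unknown extension: entropy is only a hint; compressed files also score near 8.
    if len(head) >= 4096 and shannon_entropy(head) > 7.9:
        return "high-entropy"
    return "ok"

def triage_tree(root):
    """Walk a copied data folder; return {relative path: verdict} for suspect files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = triage_file(full)
            if verdict != "ok":
                findings[os.path.relpath(full, root)] = verdict
    return findings

def demo():
    """Constructed sample: two intact files and two that look encrypted."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
    samples = {"taxes.pdf": b"%PDF-1.7\n" + b"x" * 100, "notes.txt": b"hello world\n" * 500,
               "photo.jpg": noise, "letter.docx.locked": noise}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        return triage_tree(root)

if __name__ == "__main__":
    print(demo())
```

Run `triage_tree()` against the backup copy on the external drive rather than the source disk; a long list of `bad-signature` hits across unrelated file types is the pattern to look for before restoring anything.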
 
I have a bootable USB for Linux Mint Cinnamon v19.2, which should be plenty sufficient for the intended purpose.

I generally use Rufus for creating bootable media, but I'll take a look at Ventoy, as I'm always curious about other options.
I went to Ventoy a few years ago, LIFE CHANGER. Have a 64GB Samsung USB stick with about 15 distros, including Win10 and Win11 on there. Works flawlessly.....
 
I used to use Parted Magic but nowadays almost every computer that comes in is Bitlockered which means I have to use a portable Windows install in order to access the drive.
 
[Of Ventoy] Works flawlessly.....

I wish I could say the same, but I also haven't finished playing with it either.

I just downloaded the latest version, 1.1.07, this morning, and set up my 32GB drive with these settings (it's not plugged in right now):

When I try to boot from it on an older HP laptop, which is 64-bit and GPT partitioned (it's running Windows 10, though) I get an error out of Ventoy. I put three ISOs on it: The final version of Windows 10 in 32 and 64 bit (created this morning), Linux Mint 22.1, and Windows 11.

I may need to reformat the USB drive as either FAT32 or NTFS, possibly, but it is exFAT format and it seemed that Ventoy had no issue with this. I also chose GPT over MBR.
 
I use Linux Mint XFCE for this.

XFCE is just so light, the boot times are down, and I don't need an overly fancy GUI. Cinnamon is nice, but it's a bit heavy.

PartedMagic is also a solid choice.

And if all you need is a command line, CloneZilla will work.
 
I wish I could say the same, but I also haven't finished playing with it either.

I just downloaded the latest version, 1.1.07, this morning, and set up my 32GB drive with these settings (it's not plugged in right now):

When I try to boot from it on an older HP laptop, which is 64-bit and GPT partitioned (it's running Windows 10, though) I get an error out of Ventoy. I put three ISOs on it: The final version of Windows 10 in 32 and 64 bit (created this morning), Linux Mint 22.1, and Windows 11.

I may need to reformat the USB drive as either FAT32 or NTFS, possibly, but it is exFAT format and it seemed that Ventoy had no issue with this. I also chose GPT over MBR.
I've seen this on some USB sticks. It seems to be some problem with the little controller chip on the USB stick. On grc.com Gibson created a little program that will do a total wipe of the USB stick and clear any issues from sector 1 to the last sector, has some effect on the controller firmware, I have no idea what but it 100 percent fixed a few finicky sticks I had. Something to do with zeroing the first track.

 
Gibson created a little program that will do a total wipe of the USB stick and clear any issues from sector 1 to the last sector

Thanks. When I have a chance I'll try this and report back on the end result. I have other thumb drives I could use, but now I'm curious, and I may try a different thumb drive with the same three ISOs using Ventoy defaults just to see if that works any differently as well.
 