Favorite "Quick and Dirty" Linux Distro

britechguy

Today has been one of the busiest days I've had in many, many moons, and what's even stranger is that none of the calls so far have been about new computers that need setting up, but old ones with various issues.

The call that triggers this query is one from someone who was in the process of falling for what I have to presume was going to be a ransomware scam, realized it while it was still happening and before anything appears to have been encrypted, and who shut her computer down immediately.

I will not, under any circumstances, try booting to Windows on a machine like that. My first thought was to fire it up using a bootable Linux to see what's there and to try to copy off the user data. Another option, of course, is pulling her system drive and having a look at it attached as an external drive to one of my machines that's not connected to the internet or my WiFi at the time. If there are opinions about these options, or any others, they would be appreciated.

But I started this topic because very often, when I want Linux for a purpose such as this, it can be minimal (but still with a GUI). Some Linux distros are simply massive, and I'm curious about what favorites others here may have when a "basic Linux for poking around" is all that's needed.
 
I would just use a WinPE, like Strelec WinPE, and back up the data or image the drive. If I needed to use Linux, I'd just boot Mint on a USB drive using Ventoy.
 
I have a bootable USB for Linux Mint Cinnamon v19.2, which should be plenty sufficient for the intended purpose.

I generally use Rufus for creating bootable media, but I'll take a look at Ventoy, as I'm always curious about other options.
 
If I have my doubts about what condition a M$ machine is in, in other words, as @britechguy said, a possible scam/ransomware, I'd never start with a WinPE. You don't know what might have happened on the machine. Often M$ will happily parse certain files, like autoruns. To properly address that you'd have to mount the drive read only, which is not a default. It's pretty much impossible for a *nix to parse a M$ script or binary, so I'd not worry about mounting it r/w first time around. Once I'm happy that whatever I get is clean I'll use a PE. Personally I find the Gandalf "donation" to be reasonable. Have yet to look at Strelec's. My go to Utility Linux distro is partedmagic, again worth the fee. Kali is also very good but not so intuitive. But the price is right - free.
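An added example, not code from any poster in this thread, of the read-only mount and user data copy discussed here as a POSIX shell script run from the live Linux; the partition /dev/sdb2, the mount points, the destination /mnt/dest and the user name are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Mounts a suspect Windows volume read-only
# from a live Linux and copies user profile data to a clean external drive.
# Hypothetical assumptions: suspect partition /dev/sdb2, destination drive
# already mounted at /mnt/dest.

# Mount options for a possibly compromised volume: never write to it, and let
# nothing on it be executed or treated as setuid or a device node.
suspect_mount_opts() {
    printf '%s' "ro,noexec,nosuid,nodev"
}

# Profile folders worth salvaging for one Windows user, plus the Chrome
# bookmarks file and the Firefox profile directory (Firefox bookmarks live in
# places.sqlite inside the profile).
user_data_paths() {
    u=$1
    printf '%s\n' \
        "Users/$u/Desktop" "Users/$u/Documents" "Users/$u/Pictures" \
        "Users/$u/Downloads" \
        "Users/$u/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" \
        "Users/$u/AppData/Roaming/Mozilla/Firefox/Profiles"
}

# Mount the suspect NTFS partition read-only. Needs root on the live system.
mount_suspect() {
    dev=$1; mnt=$2
    mkdir -p "$mnt"
    mount -t ntfs-3g -o "$(suspect_mount_opts)" "$dev" "$mnt"
}

# Copy each existing path under $src to the same relative path under $dest
# (the destination tree must not already contain those folders).
# Missing folders are skipped; prints the number of items copied.
copy_user_data() {
    src=$1; dest=$2; user=$3
    n=0
    list=$(mktemp)                      # POSIX sh has no process substitution
    user_data_paths "$user" > "$list"
    while IFS= read -r rel; do
        [ -e "$src/$rel" ] || continue
        mkdir -p "$(dirname "$dest/$rel")"
        cp -R "$src/$rel" "$(dirname "$dest/$rel")/"
        n=$((n + 1))
    done < "$list"
    rm -f "$list"
    echo "$n"
}

# Usage on the live system (hypothetical device and destination):
#   mount_suspect /dev/sdb2 /mnt/suspect
#   copy_user_data /mnt/suspect /mnt/dest alice
```

The copied data is then scanned on a separate machine, as the thread describes, before anything from it is trusted.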
 
I've run Puppy, Tiny Core, Bodhi, etc. and it's just not worth not having all the toys and tools available that a regular Linux distro brings. These days I'd rather run a full distro with a light front end than put up with the tiny distros that are out there. To that end I have a few installs of Mint xfce but use the full Mint Mate for most drive recovery and salvage.
 
If I have my doubts about what condition a M$ machine is in, in other words, as @britechguy said, a possible scam/ransomware, I'd never start with a WinPE.

And that's pretty much my feeling, even if it's not based on anything rational (and if it isn't, I'm sure we'll hear about it).

It's just so much easier to avoid "Windows involvement" altogether until you have, at the very least, done a user data backup.

This client has no issue with a nuke & pave, provided she has her user data (which I need to check whether it's damaged/encrypted or not). She'd also like to have her browser bookmarks, but I can't ensure those are coming back and I don't know if browser sync was in use or not.

It's an older EliteBook 8560P, and while I haven't consulted the service manual yet, it looks like there is a removable service panel that covers the majority of the bottom of the unit. That would make it much easier to pull the drive and connect it externally if necessary.
 
Just fired up my other laptop with Linux Mint, and it worked perfectly and I remembered a lot more about the "look and feel" than I thought I might have.

I've also just fired up the client laptop using same and am copying off all of the user data she's got.

I don't see much point in even trying to image the drive as after an incident like this I would not trust it at all, anyway.
 
MX Linux is small and fast and also a "Live" distro.
Great for older or low resource PCs, looks good and is full featured.
Being based on Debian is a huge plus.
Runs like a gazelle on new PCs too.
 
Another vote for pulling the hard drive from your customer's machine and accessing it via a docking station. As for using Windows vs. Linux to access the pulled drive, as I understand things, there is no way for any (malicious) software on the drive residing in the docking station to affect your booted Windows machine unless you double click on an executable file. But, you folks have demonstrated to me time and time again that you know so much more than I do. Best of luck with this one.
 
Pop!_OS from System76 is quite nice. NTFS support is built in so you are good to go, plus it supports a good variety of hardware.

I have a custom WinPE I built from Windows 8.1 that ignores file permissions and allows me quick access to files without taking ownership. Great for when apps try and take ownership and mess with stuff.
 
As I understand things, there is no way for any (malicious) software on the drive residing in the docking station to affect your booted Windows machine unless you double click on an executable file.

While I agree that this is the case in a very great many cases, it's not always. But I fall into the same thinking you do, as I have never had any external drive (even those I knew to be hideously infected) do anything to the machines being used to clean them up when they were hooked up externally.

That being said, I don't like using Windows in any capacity with a possibly infected drive, so I will generally use a bootable Linux instead. And it does save pulling drives in a lot of cases, and it did in this one. I copied the data off using Linux, and then did a Windows Defender scan on that data on the external drive to which it had been copied on another machine (which is pretty much what you've proposed with the drive pull).

I just did the planned nuke & pave on the source machine, as I simply will not ever trust a machine, even one that comes back clean on multiple scans, that has been involved in a situation with remote access by unknown third parties.
 