Trinity Rescue Kit 3.1 review

License: GPL (GNU General Public License)
File size: 87382K
Developer: Tom Kerremans
Trinity Rescue Kit or TRK is a 100% free CD bootable Linux distribution aimed specifically at offline operations for Windows and Linux systems such as rescue, repair, password resets and cloning, with the ability to update itself.

It has custom tools to easily recover data such as deleted files, clone Windows installations over the network, perform antivirus sweeps with 2 different antivirus products, reset windows passwords, read AND write on NTFS partitions, edit
partition layout and much much more.

Trinity Rescue Kit 3.1 is the evolved version of 3.0 and a complete rewrite of version 1.1 and the unfinished 2.0. It 's mostly based on Mandrake 10.2 (Mandriva 2005) binaries and heavily adapted startup scripts.

What 's new since 3.0?

self update capability: TRK now has a script that will download/search all non-GPL
licensed software, like the Microsoft ntfs
drivers or F-prot. It will also update antivirus definitions for F-prot and Clamav.
Afterwards, it will recreate itself as a new iso
file which you can burn again to CD
new version of captive-ntfs, using the latest XP SP2 drivers and LUFS
clamav 0.88-1
mkisofs, cdrecord, pico, cfdisk
eject CD (was bug in build 204) and powerdown on halt

What 's new since 1.1 (and 2.0):

more hardware support:
kernel with most default options left on, so all important hardware like
disc controllers and network cards are supported, even SATA disks, USB storage and gigabit ethernet. Also patched with lufs (for ntfs support) and bootsplash (background graphics)
better network capability: besides all common network client tools, you can also run a secure shell server for remote access or TRK to TRK file copies
run completely from memory: provided you have at least 192Mb of ram, you can run TRK from memory and eject the CD once it has booted, giving you the ability to mount other CDs
vesa framebuffer support: TRK now has limited graphical support thanks to kernel
builtin framebuffer support.
qtparted: the famous PQMagic clone. Partition editing never been this easy thanks to the graphical interface this tool uses (via framebuffer)
configure your LAN to be "TRK 3 compliant": you can change the way a TRK behaves by adding an otherwise unused parameter to your DHCP server to point to a webserver where you keep specific configuration data for your TRK such as proxy settings or complete scripts with which you can do anything you want
run scripts from a local computer by searching for /.trk/trklocal.conf
full NTFS write support thanks to the captive ntfs project by Jan Kratochvil.
more NTFS write support with the NTFS Fuse driver.
Secure Shell server: let a user boot from TRK, enter a new password for root and
connect to TRK remotely

Featuring home brewed scripts, new and improved:

updatetrk (since 3.1): updates TRK with ntfs drivers, F-prot + definitions and
Clamav definitions. When the script is run without arguments, it looks for a Windows pagefile.sys, creates a loopback filesystem on it and creates TRK from there. Afterwards it copies the new isofile to C: emp, from where you can burn it to CD again
clonexp: script that uses ntfsclone to perform copies of ntfs filesystems between
two computers each running their copy of Trinity Rescue Kit 3.1. One PC copies his Windows installation over the network to another PC running a TRK 3.1 with a secure shell server enabled. An easy way to clone Windows installations or recover as much as you can from a dying disk. Run it either interactively or from a single commandline
winpass: does the same thing as in TRK 1.1, searches for all local Windows
installations, runs chntpw on your SAM file and resets the password. It now also handles Windows on FAT32 correctly and uses the safe ntfs driver from the Linux kernel, so it works even without captive support
regedit: is actually the same as winpass, but starts chntpw in interactive mode and allows you to edit a Windows registry
virusscan: completely rewritten,this script now has two different engines: the default is to run with the GNU Clamav antivirus which is free for everyone. This is a very good scanner, but the drawback is that it can only detect virus infected files, not clean them. So the only option is to delete them, where most of the time the file is the complete virus. But just to be sure we don 't delete anything valuable, a quarantined backup is being made first. The other part of the script uses the free-for-home-users F-prot. F-prot itself is not included in TRK but it gets downloaded from their site. F-prot DOES have the ability to disinfect files if necessary.
ntfsundeleteall: also completely rewritten, ntfsundeleteall, a wrapper for
ntfsundelete now recovers deleted files from an NTFS volume but it gives you the ability to add a recoverability percentage to the commandline. Since it only recovers files and not directories, sometimes you would have double filenames. This has been countered by adding the inode of the file at the beginning of the filename, so recoverability is 100% within the possibilities of ntfsundelete

More utils:

links: simple webbrowser which runs in framebuffer graphical mode. Handy to go and read some reference docs on the Internet
ftp and lftp
ssh and scp
ms-sys: This program is used to create Microsoft compatible boot records. It is able to do the same as Microsoft "fdisk /mbr" to a hard disk. It is also able to do the same as Microsoft "sys d:" to a floppy or FAT partition except that it does not copy any system files, only the boot record is written.
Reiserfs tools
ext2/ext3 tools
dosfs tools
tcpdump, nmap and netcat
mdadm for offline raid configuration
burn, a utility that stresses your CPU
samba client: mount windows shares over the network
shred: erase a harddisk until it's unrecoverable even by magnetic resonance recovery
fatback: undelete files from fat filesystems
TestDisk: Tool to check and undelete partition, works with most common partitions
PhotoRec: File and pictures recovery. PhotoRec has been created to recover pictures from digital camera memory and it has been extended to recover lost files from harddisk (List of known files). PhotoRec is safe to use, it will never attempt to write to the drive or memory support you are about to recover from. Recovered files are instead written in the directory from where you are running the PhotoRec program.
pico text editor
mkisofs and cdrecord
perl 5

