Backup & Recovery

Boot & Encryption Backup

Cryptsetup Header Backup:

# cryptsetup luksHeaderBackup /dev/<device> --header-backup-file /mnt/<backup>/<file>.img


Cryptsetup Header Restore:

# cryptsetup luksHeaderRestore /dev/<device> --header-backup-file ./mnt/<backup>/<file>.img


Check before restoring:

# cryptsetup -v --header /mnt/<backup>/<file>.img open /dev/<device> test

# mount /dev/mapper/test /mnt/test && ls /mnt/test

# umount /mnt/test

# cryptsetup close test


Net Backup

FileZilla: full-featured FTP solution for both client and server with an easy-to-use GUI. It is written in C++ and uses the wxWidgets library.




Bare Metal Backup

Clonezilla: a free and open-source disk cloning, disk imaging, data recovery, and deployment computer program.


FSArchiver: a system tool that allows you to save the contents of a file system to a compressed archive file. The file system can be restored on a partition which has a different size and it can be restored on a different file system. Unlike tar/dar, FSArchiver also creates the file system when it extracts the data to partitions. Everything is checksummed in the archive in order to protect the data. If the archive is corrupt, you just lose the current file, not the whole archive.



fsarchiver [ options ] savefs archive filesystem ...


fsarchiver [ options ] restfs archive id=n,dest=filesystem[,mkfs=fstype,mkfsopt=options] ...


fsarchiver [ options ] savedir archive directory ...


fsarchiver [ options ] restdir archive destination


fsarchiver [ options ] archinfo archive


fsarchiver [ options ] probe [detailed]



savefs Save filesystems to archive.


restfs Restore filesystems from archive. This overwrites the existing data on filesystems. Zero-based index n indicates the part of the archive to restore. Optionally, a filesystem may be converted to fstype.


savedir Save directories to archive (similar to a compressed tarball).


restdir Restore data from archive which is not based on a filesystem to destination.


archinfo Show information about an existing archive file and its contents.


probe Show list of filesystems detected on the disks.



-h, --help Show help and information about how to use fsarchiver with examples.


-V, --version Show program version and exit.


-v, --verbose Verbose mode (can be used several times to increase the level of details). The details will be printed to the console.


-o, --overwrite Overwrite the archive if it already exists instead of failing.


-d, --debug Debug mode (can be used several times to increase the level of details). The details will be written in /var/log/fsarchiver.log.


-A, --allow-rw-mounted Allow to save a filesystem which is mounted in read-write (live backup). By default fsarchiver fails with an error if the partition if mounted in read-write mode which allows modifications to be done on the filesystem during the backup. Modifications can drive to inconsistencies in the backup. Using lvm snapshots is the recommended way to make backups since it will provide consistency, but it is only available for filesystems which are on LVM logical-volumes.


-a, --allow-no-acl-xattr Allow to run savefs when partition is mounted without the acl/xattr options. By default fsarchiver fails with an error if the partition is mounted in such a way that the ACL and Extended-Attributes are not readable. These attributes would not be saved and then such attributes could be lost. If you know what you don't need ACL and Extended-Attributes to be preserved then it's safe to run fsarchiver with that option.


-e pattern, --exclude=pattern Exclude files and directories that match that pattern. The pattern can contains shell asterisks such as * and ?, and the pattern may be either a simple file/dir name or an absolute file/dir path. You must use quotes around the pattern each time you use wildcards, else it would be interpreted by the shell. The wildcards must be interpreted by fsarchiver. See examples below for more details about this option.


-L label, --label=label Set the label of the archive: it's just a comment about the contents. It can be used to remember a particular thing about the archive or the state of the filesystem for instance.


-z level, --compress=level Valid compression levels are between 1 (very fast) and 9 (very good). The memory requirement increases a lot with the best compression levels, and it's multiplied by the number of compression threads (option -j). Level 9 is considered as an extreme compression level and requires an huge amount of memory to run. For more details please read this page:


-s mbsize, --split=mbsize Split the archive into several files of mbsize megabytes each.


-j count, --jobs=count Create more than one compression thread. Useful on multi-core CPUs. By default fsarchiver will only use one compression thread (-j 1) and then only one logical processor will be used for compression. You should use that option if you have a multi-core CPU or more than one physical CPU on your computer. The typical way to use this option is to specify the number of logical processors available so that all the processing power is used to compress the archive very quickly. You may also want to use all the logical processors but one for that task so that the system stays responsive for other applications.


-c password, --cryptpass=password Encrypt/decrypt data in archive. Password length: 6 to 64 chars. You can either provide a real password or a dash ("-c -") with this option if you do not want to provide the password in the command line and you want to be prompted for a password in the terminal instead.



save only one filesystem (/dev/sda1) to an archive:

fsarchiver savefs /data/myarchive1.fsa /dev/sda1


save two filesystems (/dev/sda1 and /dev/sdb1) to an archive:

fsarchiver savefs /data/myarchive2.fsa /dev/sda1 /dev/sdb1


restore the first filesystem from an archive (first = number 0):

fsarchiver restfs /data/myarchive2.fsa id=0,dest=/dev/sda1


restore the second filesystem from an archive (second = number 1):

fsarchiver restfs /data/myarchive2.fsa id=1,dest=/dev/sdb1


restore two filesystems from an archive (number 0 and 1):

fsarchiver restfs /data/arch2.fsa id=0,dest=/dev/sda1 id=1,dest=/dev/sdb1


restore a filesystem from an archive and convert it to reiserfs:

fsarchiver restfs /data/myarchive1.fsa id=0,dest=/dev/sda1,mkfs=reiserfs


restore a filesystem from an archive and specify extra mkfs options:

fsarchiver restfs /data/myarchive1.fsa id=0,dest=/dev/sda1,mkfs=ext4,mkfsopt="-I 256"


save the contents of /usr/src/linux to an archive (similar to tar):

fsarchiver savedir /data/linux-sources.fsa /usr/src/linux


save a /dev/sda1 to an archive split into volumes of 680MB:

fsarchiver savefs -s 680 /data/myarchive1.fsa /dev/sda1


save a filesystem and exclude all files/dirs called 'pagefile.*'

fsarchiver savefs /data/myarchive.fsa /dev/sda1 --exclude='pagefile.*'


exclude 'share' in both '/usr/share' and '/usr/local/share':

fsarchiver savefs /data/myarchive.fsa --exclude=share


absolute exclude valid for '/usr/share' but not '/usr/local/share'

fsarchiver savefs /data/myarchive.fsa --exclude=/usr/share


save a filesystem (/dev/sda1) to an encrypted archive:

fsarchiver savefs -c mypassword /data/myarchive1.fsa /dev/sda1


extract an archive made of simple files to /tmp/extract:

fsarchiver restdir /data/linux-sources.fsa /tmp/extract


show information about an archive and its file systems:

fsarchiver archinfo /data/myarchive2.fsa


Storage Check and Recovery

There are two powerful available rescue utilities from cgsecurity:


TestDisk: checks the partition and boot sectors of your disks. It is very useful in forensics, recovering lost partitions.


PhotoRec: a file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted.




Secure Delete Right Click Menu

This option has ability in three different levels to wipe data to prevent others to recover deleted files after using the secure-delete command.

  1. Installing secure-delete with Administration Privilege
  2. Downloading Secure Delete Extension for Dolphin File Manager




What is zuluCrypt?

zuluCryptGUI: zulucrypt is a suite of applications for creating and managing volumes encrypted with luks, plain, truecrypt and veracrypt. zulucrypt-gui is a front end for zulucrypt-cli. This way all activities can be performed easily by the graphical interface.


zuluCrypt is currently Linux only and it does hard drives encryption and it can manage PLAIN dm-crypt volumes, LUKS encrypted volumes, TrueCrypt encrypted volumes, VeraCrypt encrypted volumes and Microsoft’s BitLocker volumes.


zuluCrypt can manage encrypted volumes that are hosted in image files, lvm, mdraid, hard drives, usb sticks or any other block device.


zuluCrypt can also encrypt stand alone files (zuluCrypt menu -> zC -> encrypt a file).




What is zuluMount?

zuluMountGUI: zulucrypt is a suite of applications for creating and managing volumes encrypted with luks, plain, truecrypt and veracrypt. zuluMount-gui is a front end for zuluMount-cli. This way all activities the zulumount-cli can be performed easily by the graphical interface. zuluMount-gui can unlock cryfs, encfs, gocryptfs and ecryptfs.


zuluMount is bundled with zuluCrypt and its meant to be used as a general purpose tool that mount and unmount zuluCrypt supported encrypted volumes as well as unencrypted volumes and it can be used as a substitute to udisks, pmount and related tools.


zuluMount-gui can also be used as a frontend to encfs, gocryptfs, securefs, ecryptfs and cryfs.


zuluMount-gui is ideal for use as a desktop environment/file manager independent tool for mounting/unmounting encrypted and unencrypted volumes.




Chkrootkit Scanner

The chkrootkit security scanner searches the local system for signs that it is infected with a 'rootkit'. Rootkits are set of programs and hacks designed to take control of a target machine by using known security flaws.

  • chkrootkit: a shell script that checks system binaries for rootkit modification.
  • ifpromisc.c: checks if the network interface is in promiscuous mode.
  • chklastlog.c: checks for lastlog deletions.
  • chkwtmp.c: checks for wtmp deletions.
  • check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
  • chkproc.c: checks for signs of LKM trojans.
  • chkdirs.c: checks for signs of LKM trojans.
  • strings.c: quick and dirty strings replacement.
  • chkutmp.c: checks for utmp deletions.


chkwtmp and chklastlog *try* to check for deleted entries in the wtmp and lastlog files, but it is *not* guaranteed that any modification will be detected.


Aliens tries to find sniffer logs and rootkit config files. It looks for some default file locations -- so it is also not guaranteed it will succeed in all cases.


chkproc checks if /proc entries are hidden from ps and the readdir system call. This could be the indication of a LKM trojan. You can also run this command with the -v option (verbose).


Rootkits, Worms and LKMs detected

For an updated list of rootkits, worms and LKMs detected by chkrootkit please visit:




pars online, advance auto pars, toyota pars, integration by pars, honda pars, par's, pars international, pars kosher market, pars compacta, pars defect treatment, pars market, pars intermedia, pars cuisine, pars defect, pars interarticularis, pars interarticularis, pars fracture, pars tv live, livingston pars tracker, pars plana vitrectomy, pars distalis, pars planitis, l5 pars defect, pars defect of lumbar spine, bilateral pars defect, pars interarticularis defect, pars articularis, pars auto sales, pars equality center, du-pars, puff pars, pars cuisine, pars nervosa, pars rice cooker, pars flaccida, ups pars tracker, pars tensa, pars interarticularis fracture, pars intermedia, farrow pars tracker, pars check, bilateral l5 pars defects, pars cove, substantia nigra pars compacta, pars planar, pars planis, pars newz, pars 1, pars cars reviews, pars tuberalis, pars intermedia cyst, pars pro toto, more pars golf, accme pars, pcb pars check, pars opercularis, what is a pars defect, pars turf, du pars, pars consulting, pars defect surgery, cobra pars and stripes driver, pars plastic surgery, pars cars southlake, treatment for pars defect, pars flaccida stomach, pars defect exercises, pars defect icd 10, pars restaurant, russell a farrow pars tracker, pars game week, pars defects, pars intermediate cyst, pars orbitalis, pars fortuna, hoteles en pars, pars defect l5 s1, pars defect spine, living with pars defect, pars khazar rice cooker, pars defect with spondylolisthesis, bahar pars, pars defect treatment in adults, bilateral pars defects at l5 s1, unclaimedproperty pars org, pars injection, pars interarticularis fractures, pars intl, pars tv archive, pars number, enterprise rent a car, enterprise near me, enterprise car rental, enterprise car sales, enterprise truck rental, army enterprise email, enterprise rental, enterprise car rental near me, star trek enterprise, enterprise rental car, enterprise email, brockton enterprise, press enterprise, enterprise cars for sale, uss enterprise, enterprise bank and trust, enterprise customer service, enterprise bank, enterprise cars rent, enterprise airport, adirondack daily enterprise, enterprise definition, enterprise definition, enterprise promo code, enterprise car, uiuc enterprise, business enterprise center, beaumont enterprise, enterprise rentals, carrier enterprise, sentinel and enterprise, cody enterprise, enterprise cars for rent, news enterprise, enterprise value, enterprise hours, enterprise holdings, starship enterprise, davis enterprise, enterprise alabama, star trek enterprise cast, enterprise rental truck, enterprise products, park rapids enterprise, enterprise sales, american enterprise institute, enterprise customer service number, enterprise rent a van, enterprise used cars, enterprise locations, enterprise las vegas, enterprise rental near me, enterprise meaning, enterprise resource planning, enterprise high school, enterprise journal, enterprise center, enterprise rent, enterprise rent, enterprise discount code, enterprise phone number, the news enterprise, enterprise rental car near me, enterprise airport car rental, enterprise careers, enterprise lax, enterprise denver airport, hewlett packard enterprise, enterprise coupon code, enterprise coupons, enterprise rent a car near me, lowes enterprise al, enterprise al weather, walmart enterprise al, enterprise orlando, enterprise auto sales, enterprise architect, enterprise rent a car locations, the enterprise, verizon enterprise, enterprise fleet management, free enterprise system, enterprise email army, brockton enterprise obituaries, enterprise rent a truck, press enterprise bloomsburg pa, enterprise miami, enterprise plus, black enterprise, enterprise van rental, restaurants enterprise al, enterprise fort lauderdale, uss enterprise star trek, dod enterprise email, enterprise value formula, carelogic enterprise, on cloud shoes, adobe creative cloud, kindle cloud reader, cloud 9, google cloud, shadow in the cloud, cloud couch, on cloud, samsung cloud, craigslist st cloud, minecraft server hosting, apex hosting, who is hosting jeopardy this week, best wordpress hosting convesio, free minecraft server hosting, managed wordpress hosting convesio, best hosting for wordpress convesio, apex server hosting, who is hosting snl tonight, image hosting, discord server, dns server, dns server not responding, server jobs near me, wow server status, sql server, how to make a minecraft server, sql server management studio, 500 internal server error, best minecraft server, vps airport, vps router, vps hosting, vps server, free vps, cheap vps, what is a vps, vps meaning, vps arrivals, best vps hosting, google cloud vps, amazon vps, home server, eminent domain, google domain, domain name search, domain of a function, domain definition, the domain, domain and range calculator, domain lookup, what is a domain, seo reseller, reseller certificate, amazon reseller, reseller license, dedicated server hosting