Lately I have been getting asked the question: So where can I get my hands on the latest copy of ERD Commander? To help you guys out, I decided to put something together and post it on my blog.
<b>How to get MDOP:</b>
Prerequisites:
Options:
A. Windows 7 and 2008 R2: x64, x86
B. Windows Vista and Windows Server 2008: x64, x86
C. Windows 2000, Windows XP, and Windows Server 2003: x86
<b>Important:</b>
The Windows version of DaRT you install determines which version of Windows the <b>ERD Commander Recovery Disk</b> can be used on. Example: if you create a Windows 2008 R2 x64 <b>ERD Commander Recovery Disk</b>, it will boot on a Windows 2003 x86 OS, but you will not find an active partition and not all the MSDart Tools will work. It is important to create an <b>ERD Commander Recovery Disk</b> specific to the operating system you want to triage.
Listed below are the Step-by-Step instructions without the screenshots. At the bottom of this post you can download my original doc with screenshots.
1. Click on Start, Programs and launch the <b>ERD Commander Boot Media Wizard</b>
2. Browse to where your Windows CD is located.
3. This step is going to extract the files and create a temp location to build your image.
4. Select your tools. I kept the default which is everything.
5. On my <b>ERD Commander Recovery Disk </b>I wanted to add the Debugging Tools and Symbols. You must have the tools already installed on your computer before you start the <b>ERD Commander Boot Media Wizard.</b>
6. System Sweeper Definition gives you the ability to triage an infected system.
7. You need internet connectivity to download the updates.
8. I didn’t need to add any additional drivers to my boot disk.
9. I added the Debug Symbols to my <b>ERD Commander Boot disk</b> just in case I needed them in the future. This will help me if I am ever in a squeeze and I need to launch Crash Analyzer to view a dump without being connected to the internet. All I have to do is point the Crash Analyzer Wizard to the following path: X:\Windows\DebugSymbols and it should be able to read my symbols.
Remember, the ERD Commander Boot disk has to load in memory. So whatever you dump on your ERD Commander Boot disk, make sure the computer you want to triage has adequate memory to support the size of your boot disk.
10. I chose the default path to put the .ISO.
11. This step is creating your <b>ERD Commander Recovery Disk.</b> Make sure you have adequate space on this drive; otherwise this process will fail.
Trust me I know..
12. Select your burning device.
13. Burn Baby Burn…
14. Your <b>ERD Commander Recovery Disk </b>is done!!
Now go and save the world…
This article is reposted from h2appy's 51CTO blog. Original link: http://blog.51cto.com/h2appy/320945. To repost it, please contact the original author.