Never Leave the Office Without It: USB Bootable Tools

“Our server won’t boot! How soon can you get here?”

Well, that depends on what’s wrong with it, and what tools we need. But figuring those out over the phone can be more of a challenge than the actual repair.

Pretty much everyone who’s been in this industry for any length of time knows entirely too well how hard it is to balance the usefulness of a particular tool against the likelihood of needing it, and the frustration of turning an easy onsite fix into a game of back-to-the-office having elected to leave it behind.

In times past, when storage media was bulky, fragile, expensive, or any combination of the three, this often meant carrying a limited set of the most useful bootable tools into the field and hoping you wouldn’t need something more specialized. Floppies are large and prone to corruption from improper storage and transport, CDs are easily scratched and jewel cases are only good for shelf storage, and pretty much all of us have had to sift through the fistfuls of preloaded bootable USB flash drives we carried at some point in the past. These generally worked great, save for the fun of remembering which drive was which as sharpie labels wear off and sticky labels eventually fail in the “sticky” aspect.

StarTech.com S2510BU3ISO

In the early days, we jumped on the now-discontinued creation from Startech.com (left), which works with most 2.5″ SATA drives and, with the right formatting and folder structure, could present one of 3 different ISOs as a bootable CD drive over USB. Sadly, while the concept was fantastic, like most early products it had some shortcomings, two of which are likely responsible for the end of its manufacture.

The 3-ISO limit was easy to work around–you could store anything you want up to the limit of your drive’s available space outside the 3 magic folders, and as long as you had a working computer to connect the device to, it was easy enough to juggle things around. But we found it to be very cable- and port-sensitive, requiring us to carry both USB 3.0 and 2.0 cables, and ultimately not allowing us to abandon the aforementioned handful of flash drives as it would often sit stubbornly with no LEDs lit and no bootable entry in the BIOS. The final nail in the coffin was that even when it did mostly behave, it always took just slightly longer to initialize than any computer it was connected to, so it needed a soft-reset to get it to appear as a bootable device.

IODD-2531

We thought it was a great idea that hadn’t seen its full potential, and luckily we weren’t alone. A small Korean company called IODD now sells a similar device with some fantastic quality-of-life improvements–it might even mean the end of innovation in this particular area. Their model 2531 supports not just ISO images but also VHD and VMDK. It can also can present itself as a bootable USB optical drive, block storage device, or both at once. The mode and which disk image is presented as bootable are selected via jog wheel and displayed on the small LCD. Despite the fancier interface, it initializes in under a second, which is almost always fast enough to be listed as a boot option without a reset.

It’s technically limited to 32 entries in its ISO folder, but those can be subfolders containing additional ISOs, which you can browse in that tree structure on the display. For those of us in forensics, it even offers a hardware-write-lock option for imaging. Its bigger brother, the 2541, even supports 256-bit AES encryption, in case you need to store sensitive data on it. All in all, we’re very pleased with the IODD offering, and all Dreadnought personnel keep one in their bags, with a 500GB SSD and wide array of useful images preloaded so we’re ready to tackle just about anything.

Loaded Software

The full list of software we keep ready to go, the rationale behind it, and the each tool’s strengths and weaknesses could fill volumes, and this post is plenty long as it is. But we couldn’t talk about bootable toolkits at length without mentioning some of our most-used, so here are some highlights:

  • Operating Systems
    • Windows (of course)
      • 10 Home, Professional, and Enterprise, in most major builds going back to 1703
      • Server from 2012 to 2019
    • Ubuntu
      • Desktop, latest and current LTS, x64 and x32 just in case
      • Server, latest and current LTS
    • FreeDOS
  • Backup/Clone/Restore
    • CloneZilla
    • OSFClone
    • Macrium Rescue
    • AOMEI PartAssist
  • Diagnostic/troubleshooting
    • TuxPE
    • MemTest86
      • v8 and v4 for legacy support
    • Knoppix
    • Kali