[ale] Fwd: Hard Drive Death Spiral -- AKA Recovery Software?
Michael H. Warfield
mhw at WittsEnd.com
Thu Dec 11 14:31:19 EST 2008
On Thu, 2008-12-11 at 13:53 -0500, Greg Freemyer wrote:
> The first thing you need / want to do is make a full copy (image) of the drive.
> So, buy a drive that is atleast 20% bigger. (just to be sure).
> Format it ext2 or some other basic FS. (Definitely not FAT).
> If the drive is more or less functional use dd to make the image. If
> not, look into dd_rescue (or ddrescue, I forget).
Look into ddrescue. There's two of them out there. One is Gnu
dd-rescue and the other I simply refer to as the non-Gnu dd-rescue.
Each works a little bit differently. It will work around back blocks
and progressively recover your data into an image and zero fill the
sectors it can not recover.
I did a presentation last year for ALE on extreme practical data
recovery. The presentation is here (four formats):
http://www.wittsend.com/mhw/2007/DataRecovery-ALE-2007/
http://www.wittsend.com/mhw/2007/DataRecovery-ALE-2007/DataRecovery-ALE-2007.odp
http://www.wittsend.com/mhw/2007/DataRecovery-ALE-2007/DataRecovery-ALE-2007.ppt
http://www.wittsend.com/mhw/2007/DataRecovery-ALE-2007/DataRecovery-ALE-2007.pdf
Yeah, someone else was looking for that a while back. I never got
around to properly naming the slides, either...
> If it is a data drive, then all you have to do is:
> boot normally. dd if=/dev/sdX of=/image_file_on_big_drive bs=4k
> conv=sync,noerror
ddrescue is MUCH more effective at this. It will do a fast recovery of
the drive and then go back and re-excercise the drive narrowing down the
errors as much as possible. The presentation above was based on
recovering a 200G drive that had crashed. All of track 0 was shot as
were about a dozen large spots around the drive. By the time I was done
(over a month later) I had recovered all but a couple hundred K of the
data and recovered virtually all the live data.
Mike
> If it is a boot drive, then boot a linux boot disk and do the same.
>
> Once you have that working copy, you need to decide if you want to
> make even another copy that you keep un-modified.
>
> You can use gpart to guess / rebuild your partition table.
>
> Once you know where your partitions are and you know what filesystem
> type you have, you can use various recovery software to move forward.
>
> To do the recovery, we use a professional tool, so I'm not sure what
> low-end / free software is available to do the recovery. (We use
> either Encase Forensics ($3,000) or X-Ways Forensics. ($1200))
>
> PTK is new opensource recovery tool that was released in the last few
> months. It may support linux filesystems. Not sure.
>
> HTH
> Greg
>
> On Thu, Dec 11, 2008 at 10:54 AM, H P Ladds <householdwords at gmail.com> wrote:
> > Hey All,
> >
> > I have a hard drive that appears to be dieing, and I need data
> > recovery software. Any suggestions?
> >
> > History of problem:
> >
> > 1. Somehow the partitions on the drive got out of order -- sda6 used
> > sectors (4376 - 4618) and sda5 had (4619 - 19457).
> > 2. In an effort to correct this situation, I deleted the partitions
> > and recreated them using the same sectors.
> > 3. I was hoping to do a e2fsck to recreate the superblocks and such.
> > This was a bad plan, and partition sda5 is not mountable.
> > 4. I did not reformat the partition, so I believe the information is
> > still there.
> > 5. I guess what I need to do is reformat the drive without destroying
> > the data on the disk, which is mostly impossible -- right?
> >
> > Yes, I do have the info backed up on DVDs, but this seems to be a good
> > opportunity to develop some data recovery skills, and maybe I can see
> > what's on that disk I've had in the freezer for about two years.
> >
> > H. Preston
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> >
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20081211/7d475b4e/attachment.bin
More information about the Ale
mailing list