Tips for Disk Recovery using Linux

Linux Platform, Computing
Tips for Disk Recovery using Linux
Page content

Real Life Experience: Recovering data from lost partitions

Rather than come up with hypothetical scenarios in which you may need Linux recovery tools, I will share two experiences that I have had. In both cases, I used Linux to recover data on Windows NTFS partitions.

The Case of the Absent-minded Admin

In the first, a fellow system administrator managed to accidentally delete the main partition of a Windows 2003 server, serving a few hundred web sites. For 24 hours, the server was offline and customers were complaining. Said admin tried various tools. One - which he paid $100 for - recovered all of the files with the exception of those under 2kb size. The technical support for the software said that “our software has no bugs.” Indeed. We cloned the hard drive, emptiness and all, to another drive using the “dd” tool in Linux. With both disks installed, the first /dev/sda and the second /dev/sdb, I used it like this:

dd if=/dev/sda of=/dev/sdb

This took the first drive (sda) and copied it, bit by bit, to the second drive (sdb) so that we had a working copy that we could afford to lose if it was destroyed.

I attached the cloned drive to my Linux PC and used the ’testdisk’ utility. I searched the drive for Intel partitions. After a few minutes it found the primary NTFS partition. I commanded testdisk to recover the partition and write it to the partition table. Then I made the partition bootable. It was installed into the server, and it was immediately booted up and back online.

The Case of the Viral Villain

In our second case, a customer called us out to repair a Dell computer that would not boot. Using my Linux boot disk, I found that the Dell utility partition and a “tools” partition were intact, but there was no primary NTFS partition for the Windows installation. Using testdisk once more, I found the partition, restored it, and made it bootable. After getting it to boot, I found that it was infected with a virus that had apparently deleted the primary partition. After cleaning the viruses out, the PC ran fine.

What you can use: PartedMagic and Trinity Boot Disk

trk34-b365-simple-menu

The PartedMagic boot CD, available at partedmagic.com, allows you to boot the damaged computer and use such tools as ntfsfix, testdisk, and other ntfs and ext3 tools to recover data. There’s not enough room in this article to cover each tool, but there are many tutorials online.

I’ve also used the Trinity Boot Disk at trinityhome.org to recover data from dying (but not dead) drives. With its menu driven system, it is very easy to share the drive on a network and copy the data from it. This is useful when a disk will not boot. I once recovered a disk that was on its way out, but had not completely died. I shared its drive using the Trinity Recovery Kit and successfully copied the data to another computer on the network. The drive then died completely! We caught it in the nick of time.

We hope this article has given you insight on how you can use Linux to recover hard drive data.