I’m not a data recovery specialist, but I tend to help people out every now and then with computer problems, and sometimes you have to deal with a disk that doesn’t seem to work anymore. This is a collection of notes I made after I got a new challenge. I had to resort to using testdisk and ddrescue. I’ve been testing a few tools, and read about more, but these were the tools I landed on.
IMPORTANT: I’m not an expert on this topic. Every additional moving of the needle can cause a harddrive to fail even harder. If your data is absolutely critical, use a certified data recovery service.
When I get a harddrive in a laptop or external enclosure, my first attempt is to see if there is something between computer and the disk. I try to remove the disk from the computer or enclosure and connect it to a USB3 to 4-types of P/SATA adapter I have bought years ago and has saved me multiple times. If it mounts, copy everything to another drive, to be sure, and move it to a new disk.
If that doesn’t work, Testdisk might be able to browse the disk. If it has found a valid partitions it will allow you to copy files to another disk (make sure you copy to another disk). It can do a lot of stuf automatically.
ddrescue to the rescueIf the harddrive fails to mount, and scanning in Testdisk results in errors or halts, it is best to copy the data byte per byte. One of the reasons is that a physical issue may be the root cause, risking more damage. To copy all data, use ddrescue .
$ sudo ddrescue -d -r3 /dev/sda backup.img backup.log
This will take long. Don’t be surprised if it takes a week (or two, I was given a 4TB HDD). It will scan your drive up to 5 times to get all bits recovered. Hence use something other than a laptop to do it, although it is possible to restart the process.
First get the device location. On linux you can use lsblk for this; it will show you the devices, and where it has mounted (if applicable, it is not needed). You’ll probably be able to recognise the disk from its size. On macOS running sudo diskutil info -all can help you, although it dumps more info to parse.
I tend to prefer Linux for data recovery as it allows for lower access to the drivers.
Now instead of running the regular command, run
$ testdisk backup.img
The TestDisk tool allows you to scan the image for partitions and lets you browse the partitions. From thereon it is possible again to copy files.
Enjoyed this? Follow me on Mastodon or add the RSS, euh ATOM feed to your feed reader.
Dit artikel van murblog van Maarten Brouwers (murb) is in licentie gegeven volgens een Creative Commons Naamsvermelding 3.0 Nederland licentie .