OffTopic: TestDisk Data Recovery

Posted by: mstauber Category: General

The TestDisk Data Recovery Tool and why you should know it.

Before I start I'd like to offer my apologies for going so deeply off-topic here. This has nothing to do with BlueOnyx, yet some of you might find this interesting and useful. If not now, then maybe some time down the road.

Sometime last year I had a big misfortune that involved dropping a 1 TB Toshiba hard disk while transferring it from one PC to the next. The result: It was still getting detected for what it was, but the partition table was unreadable and neither the superblock nor any of its copies would work.

The disk in question didn't contain any work related data, but was filled to the brim with mementos such as family photos, document scans, self written documents, lots of videos. Files that had been aggregated since 1994 and (through the course of the decades) had moved from one disk to another, one PC to another and lived on more than one continent. A copy of that data had existed on a file server that was in the process of being rebuilt and the swapping around of the disk (during which it was dropped) was actually performed to be able to (more quickly) create a backup of said data back onto said file server. So: Double face palm ...

After creating an exact carbon copy image of the faulty disk with 'dd' I played around with the disk image on occasions in the last 16-17 months. I tried all kinds of disk rescue tools. Some freeware, some paid. None of those really worked for a magnitude of reasons as they all failed to accurately guess the partition table. Some "best effort" guesses I received were hundreds of gigabytes off.

The closest I got with recovering *any* data at all was with Foremost, which examines the whole disk block-wise and tries to determine which blocks belong to a certain file. It can recover certain file types such as images, videos and some documents, but the recovered files have no name (other than numbers) and are structured into directories of the same file type. JPEGs go into a /jpeg directory, AVIs into an /avi directory and so on.

That allowed for some recovery, but the sheer mass of unintelligible files with numerical names made it a chore to make sense of it. Still: It was better than nothing.

In an article someone mentioned the freeware tool TestDisk from Christophe Grenier and I just gave it a try. After all, it couldn't hurt as I was just using it on an image of the damaged disk. After using it I can only say this:

HOLY MOTHER OF CHRIST! THANK YOU!!

From an end user perspective this was almost effortless and for that I can only admire Christophe Grenier's work all the more. Especially after having failed myself so thoroughly perusing and using StackOverflow and any other source of help and recommendations and plenty of other tools.

TestDisk scanned the disk image in Auto-Detect mode, detected the superblock issue and after a deep scan offered a few dozen possible partition layouts. Only the first two made really sense. After confirming that the partition was indeed Linux, EXT4 and Primary, TestDisk allowed me to access a file and directory list that actually made sense. AND offered me to copy all or selected data to a destination on my workstation.

That recovery wasn't pitch perfect, but considering the damage I didn't expect it to be. For example there was a readme.txt in a nested sub-directory. Once upon a time it must have been a text file. Now it was a directory that contained about 300GB worth of data from a sub directory that once had been a locally exposed Samba share. But the data it was supposed to have was there and that's what counts.

After using TestDisk to copy of half the data I had a power outage in the office (yeah, Colombia <sigh>). So after the workstation was up again I used TestDisk again on the image. Did a quick scan and used the offered option to write a new MBR and a guessed superblock to the image. That then allowed me to just outright mount the disk image and I had access to (almost) all my data again.

All in all I might have lost fewer than 3-5% of data and the actual recovery took just a couple of hours with TestDisk, which seamlessly worked where everything else had long since thrown the towel.

So if you ever find yourself in a similar unfortunate situation (Make sure you don't! I will!), then give it a try.

I tip my hat to Christophe Grenier, who will have my eternal gratitude for saving my bacon when I failed to properly safeguard my data.


Return
General
Sep 9, 2021 Category: General Posted by: mstauber
Previous page: Home Next page: API Documentation