«
»

Using gddrescue to save your data – Part 1


My experience with ddrescue and dd_rescue

About a week ago my wife’s laptop hard drive failed sudden. She had not been making regular backups of her data so now the goal was to restore as much data as possible as quickly as possible.

My first attempts at recovering the data were weak. My gut instinct was to reach for my trusty hirum boot CD which has a variety of recovery tools. Sadly, most of these tools either didn’t work or locked up when trying to read from the disk. It was time to get more serious…

After doing some additional research I found dd_rescue, a bulk copy tool similar to UNIX / Linux “dd”, but is designed to recover gracefully from disk errors. I was thrilled to find such a simple application specifically designed for this problem. I left the disk connected to a machine to recover data over night.

The next morning I found the entire process failed around 5GB. I tried to cancel and restart the process, but apparently dd_rescue doesn’t handle interruption very well. After some investigation I found a similar application called gddrescue. This package comes directly from the GNU foundation and has the added feature of defining a “log” so you can easily pickup where you left off. Clearly gddrescue has more functionality and is superior to dd_rescue.

I started the recovery around the point of failure using gddrescue now. This time when the process was interupted starting back up was easy. After about 7 days of work the drive is almost finished, however its missing the first 10,000,000 blocks from my dd_rescue image. It should be possible to merge the devices together, I’ll discuss that in part 2…

Here is a quick summary of how to use gddrescue /w Knoppix boot CD.

  • Burn a copy of the latest Knoppix boot CD.
  • Install your damaged disk in another computer, make sure the BIOS sees both disks.
  • Boot using Knoppix and mount your good hard drive. Make sure you have more space then the entire size of the disk your trying to recover.
  • Here is where it gets tricky, Knoppix doesn’t come with gddrescue, only dd_rescue. You can install gddrescue using a *.deb package.
  • Execute the following command ' ddrescue /dev/hdb1 (damaged disk) /media/disk1/recovery.img (good disk) /media/disk1/log_file '
  • Watch and wait. If you have to cancel simply re-execute the command.

A few warnings about data recovery…

  • Whatever you do do not write any more data to a damaged disk.
  • Work quickly to extract an image of the disk.  Run recovery tools against the image, not the damaged disk.
  • Make backups so you don’t have to go through this.

Part 2 will cover the following…

  • The use of file “carving” software to extract data from a raw partition.
  • Merging two images together using gddrescue.
  • The outcome of my week long recovery effort.
Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks

This entry was posted on Wednesday, March 18th, 2009, 10:10 am and is filed under Technology. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

  1. #1 by Jeffrey W. Sosebee - August 14th, 2009 at 15:54

    Yeah, but instead of restoring an entire disk, how do you go about restoring about 10 GB worth of files?

    Quote

  2. #2 by Administrator - August 17th, 2009 at 10:30

    I would recommend building a local image of the entire disk before attempting to restore files. Information is not always stored in logical order, so you can’t just take the first 10GB and expect good results.

    One thing to consider is using ‘photorec’ to pull out files based on type (images, video, documents, etc). I still recommend building a complete image before attempting to extract files, but if you are just look to grab a single document — photorec can do that for you.

    Goodluck!

    Quote

  3. #3 by Michael - August 20th, 2009 at 23:06

    Hello,

    I’m running ddrescue on my sister’s hard-drive based camcorder right now (a 1 year old got ahold of it!).

    You mentioned that it took about 7 days. Was that continuous running? How big is the drive you ddrescued?

    I’m just trying to gauge how long this might take!

    Quote

  4. #4 by Administrator - August 21st, 2009 at 11:01

    My wife’s hard drive was a 40GB 4200RPM 2.5″ laptop disk which I suspect seriously impacted the speed of recovery. I ran gddrescue 24 hours a day for at least 7 days. I ended up using an old Dell PowerEdge server as a dedicated recovery station.

    If you have time, try re-running it after the first pass. If given enough time you can often recover all of the data by “filling in the blanks” on a second or third pass.

    Quote
(will not be published)
  1. No trackbacks yet.