Semiprofessional data rescue with Windows and FreeBSD

Tags: freebsd, software


Let’s keep the introduction short: a stupid person (loosely related to my circle of friends) crashed his hard drive because he was not able to shut the PC down properly. Instead, he would just “pull the plug”. Yes. For me, however, it was an interesting scenario: a hard disk with faulty sectors and 2 crashed NTFS partitions. Time for… dd_rescue.

This little tool works just like dd, but it won’t abort on errors in the input file. In theory, you should be able to read data from defective disks. Yet this takes a very long time, so you should also use dd_rhelp. This bash script tries to read the maximum amount of valid data before stopping for bad sectors. And best of all: you can stop at any time, try to read the image, and let dd_rhelp continue its work afterwards.
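To make the "won't abort on errors" behaviour concrete, here is an added example (not code from dd_rescue, dd_rhelp or the original post) of an error-tolerant copy loop. The `FlakyDisk` class, the `rescue_copy` and `demo` names, the retry at 512-byte sectors and the zero-filling of lost sectors are all assumptions made for this illustration.

```python
import io

SECTOR = 512  # small block size used when a large read fails

class FlakyDisk(io.BytesIO):
    """Constructed stand-in for a failing drive: any read touching a bad sector fails."""
    def __init__(self, data, bad_sectors):
        super().__init__(data)
        self.bad_sectors = set(bad_sectors)

    def read(self, n):
        start = self.tell()
        touched = range(start // SECTOR, (start + n - 1) // SECTOR + 1)
        if any(s in self.bad_sectors for s in touched):
            raise OSError(5, "Input/output error")
        return super().read(n)

def rescue_copy(src, dst, size, block=4096):
    """Copy size bytes, zero-filling unreadable sectors; return bad (offset, length) ranges."""
    bad, pos = [], 0
    while pos < size:
        want = min(block, size - pos)
        try:
            src.seek(pos)
            data = src.read(want)
        except OSError:
            data = bytearray()  # big read failed: retry one sector at a time
            for off in range(pos, pos + want, SECTOR):
                n = min(SECTOR, pos + want - off)
                try:
                    src.seek(off)
                    data += src.read(n)
                except OSError:
                    data += bytes(n)  # placeholder keeps later offsets aligned
                    if bad and sum(bad[-1]) == off:
                        bad[-1] = (bad[-1][0], bad[-1][1] + n)  # extend previous range
                    else:
                        bad.append((off, n))
        dst.seek(pos)
        dst.write(data)
        pos += want
    return bad

def demo():
    """Run the copy over 16 constructed sectors, three of them unreadable."""
    original = bytes(i // SECTOR + 1 for i in range(16 * SECTOR))
    image = io.BytesIO()
    bad = rescue_copy(FlakyDisk(original, {3, 4, 9}), image, len(original))
    return original, image.getvalue(), bad
```

Because every readable byte keeps its original offset, the resulting image can still be mounted or scanned by a recovery tool, and the returned list of bad ranges shows exactly which parts of the image are placeholders rather than recovered data.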

The syntax is self-explanatory if you run dd_rhelp --help. So let’s assume you have got a working copy of the defective hard disk. In my case, there were two NTFS partitions, so I decided to do the actual rescue under Windows. This statement may seem audacious, but it really worked for me.

First, I obtained a copy of GetDataBack for NTFS. This program was recommended by Sven, a friend of mine. If you know any other programs, please mail me. Well, GDB worked flawlessly in this case. However, before I could try the program, I had to mount the image as a Windows drive so that GDB was able to access it. This was done using filedisk, an excellent driver for Windows that is able to mount images just as you would under FreeBSD. These images then appear as normal Windows drives. In my case, direct access was not possible, as the Master File Table (MFT) was corrupted. But GDB was able to recover most of the data anyway - great job.

So, what is the essence of all this? Well, it demonstrates that FreeBSD in combination with Windows might yield good results. Furthermore, it proves that it’s possible to do serious work under Windows (as long as you are using the right software, that is…). For some people, the forensic acquisition utilities, which I stumbled upon by accident, might also be helpful in case of data loss.

And don’t forget: A backup is for life and not just for Christmas.