Data Recovery with ddrescue

We once had to recover data from a broken disk. Under Windows the disk was immediately “attacked”, and control over it was lost right away.

The same happened with Windows PE boot sticks used to recover data.

So the only option left was Linux, and here is how we did it.

First you need some tools, which you can download from my site or directly from the developers themselves. Here are the links:

http://www.system-rescue-cd.org/Download
https://rufus.ie or https://www.balena.io/etcher

  1. Put the ISO on a USB stick with Rufus (preferred) or Etcher
  2. Boot from the stick (deactivate Secure Boot) without connecting any external device (this makes it easier to find the correct devices later)
  3. During the boot process choose the default option (the first of the 2 options)
  4. When the boot process is finished you may want to change your keyboard layout. You can do this with the setkmap tool.
    Simply type setkmap at the prompt, then choose your keyboard layout from the list (fr_CH, for example) and click OK.
  5. You can also start a graphical interface with startx, but this is not needed to recover data. Within the graphical interface you can use Firefox, Partition Manager or FeatherPad (text editor)
  6. Connect your source drive (the defective one) and search for this device with
    ls -la /dev/sdc
    (sdc may vary depending on which device node your drive was mapped to, so it could be sdc / sdd / sde etc.)
    If you have chosen the wrong one you’ll get an error saying that no such file or directory was found.
    PS: With lsblk you should be able to see which disk is mapped to which /dev/ name
  7. Now you can mount this device to check where the data is:
    • First create a folder in the mnt folder – do this with the following commands
      cd / (to get to the root folder)
      cd mnt (change directory to /mnt)
      mkdir source (use source as the name, as this makes it easier to find your way around)
    • After creating the directory we can now mount the device (stay within the mnt folder)
      mount /dev/sdc2 ./source or mount /dev/sdc2 /mnt/source
      We use the number 2 because most of the time several partitions are created under Windows: 1 would be the hidden boot partition and 2 the first data partition.
      That is also why we first mount the device, to see if we are on the correct partition.
    • You can list what’s on your disk with (always while staying in mnt folder)
      ls -l ./source or ls -l /mnt/source
    • If you are on the wrong partition you have to unmount the device and restart from point b
      umount /mnt/source (for unmounting the source device)
    • If you can’t mount the device due to an unclean NTFS file system you may try this (example):
      sudo ntfsfix /dev/sdc2
      sudo mount -o rw /dev/sdc2 /mnt/source
  8. When you have found your source device, connect your destination device to copy the data to. It is important to use a device formatted with NTFS, as we are first going to create an image of the source disk on it, and that image will be larger than 4GB (FAT32 only supports files of max 4GB).
    Here you do the same as for the source drive, just name the folder destination (point 7 and 8). As it is an NTFS partition the normal mount wouldn’t work, so you have to use ntfs-3g to mount the device:
    ntfs-3g /dev/sdd2 ./destination
  9. When your destination disk is mounted, switch to that folder so that you are in /mnt/destination
    This is important for the following command, as we want to create a map file directly on that disk to be able to resume the recovery in case of a crash
  10. For the recovery process we are going to use ddrescue. Here are some switches that may be needed:
    -f     force
    -d     direct disk access (slower, but doesn’t use the kernel cache)
           with this method you can sometimes recover even more data than with the normal method
           not every system supports this
    -r3    retry 3 times (you can change the number)
    -N     skip the trimming phase
    We use the following command for the first run (here we recover the most readable data). ddrescue reads from the partition device itself (sdc2 in this example), not from the mount point:
    ddrescue -d /dev/sdc2 /mnt/destination/data.img mapfile
    With that we copy the sdc2 partition into a data.img file on the destination disk, and the mapfile is used so that we don’t have to start from scratch if the recovery crashes.
    The mapfile is also used for the second scan. Without switches we simply copy the data, and when a sector cannot be read ddrescue skips it and continues with the next one without any retries.
    Now with the second scan we use the -r switch to recover even more data. It is important to use the same mapfile as before:
    ddrescue -d -r3 /dev/sdc2 /mnt/destination/data.img mapfile
    You could also use this command directly, but depending on the disk state you may lose all the data.
  11. After the copy is finished (about 10 hours for a 1TB disk) you have an entire img file of your source disk.
    You may want to make a copy of it at this point, because mounting this file will make changes to it.
  12. Create an olddisk folder under /mnt
    mkdir olddisk (when you are under the mnt folder)
  13. Now mount the image file and create the folder for the recovered data
    mount /mnt/destination/data.img /mnt/olddisk
    mkdir /mnt/destination/recovery
  14. Then copy the data to the destination disk in a new folder
    cp -R /mnt/olddisk/ /mnt/destination/recovery/
    Note that this also takes hours
  15. When all the data is copied you can unmount all the devices
    umount /mnt/olddisk
    umount /mnt/destination
    umount /mnt/source
  16. Now shut down the computer
    shutdown -h now
  17. Check on a Windows PC if you have access to the data
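
As an added example (not from the original post or from the ddrescue project): the mapfile that step 10 passes to both runs is plain text listing each block's position, size and status in hexadecimal, so a short script can total the rescued, bad and still-pending bytes and tell whether to resume the first run or start the -r3 pass. The function names and the sample mapfile are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a GNU ddrescue mapfile (bytes per block status).
# Block status characters: ? non-tried, * non-trimmed, / non-scraped,
# - bad sector(s), + finished (rescued).

mapfile_summary() {   # $1 = mapfile path; sets and prints rescued/bad/pending
    rescued=0 bad=0 pending=0 seen_status=0
    while read -r pos size status rest; do
        case "$pos" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ "$seen_status" -eq 0 ]; then          # first data line is the
            seen_status=1; continue                # current_pos/status line
        fi
        bytes=$(($size))                           # sizes are hex (0x...)
        case "$status" in
            '+')         rescued=$((rescued + bytes)) ;;
            '-')         bad=$((bad + bytes)) ;;
            '?'|'*'|'/') pending=$((pending + bytes)) ;;
        esac
    done < "$1"
    echo "rescued=$rescued bad=$bad pending=$pending"
}

next_step() {         # $1 = mapfile path; which run from step 10 applies
    mapfile_summary "$1" > /dev/null
    if   [ "$pending" -gt 0 ]; then echo "resume-first-run"   # not finished yet
    elif [ "$bad" -gt 0 ];     then echo "retry-pass"         # worth trying -r3
    else                            echo "complete"
    fi
}

write_sample_mapfile() {   # constructed sample, not output from a real run
    cat > "$1" <<'EOF'
# Mapfile. Created by GNU ddrescue (constructed sample)
# current_pos  current_status  current_pass
0x00200000     *               1
#      pos        size  status
0x00000000  0x00100000  +
0x00100000  0x00000200  -
0x00100200  0x000FFE00  +
0x00200000  0x00001000  *
0x00201000  0x000FF000  +
EOF
}

sample=$(mktemp)
write_sample_mapfile "$sample"
mapfile_summary "$sample"
next_step "$sample"
rm -f "$sample"
```

GNU ddrescue also ships ddrescuelog, whose -t option prints a status summary of a mapfile.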

I hope this can help you if you ever have such an issue. I also had a personal SSD that wasn’t accessible over Windows anymore, but mounting it over a USB adapter on my Synology NAS, which is also Linux, helped me out and I could recover the data. It wasn’t important data, as I have backups for everything, but I spent some days collecting different downloads etc. for a project and so I didn’t need to redownload everything lol 🙂 And there was an old Windows 95 game I patched to make it run on Windows 10 🙂

Have fun as always

PS: If I ever make a video I’m gonna attach it – maybe you can leave a comment and tell me if you want a how-to video from me.
