Month: June 2011

A Windows laptop bluescreened midway through a transfer of data from the internal disk to a 500GB (Michael Jackson) external disk. Windows refused to acknowledge the existence of the FAT32 partition, saying the disk needed to be formatted; my Mac fared no better, claiming I needed to initialise the disk.

This was a backup disk (and in fact, the computer was backing up when it bluescreened), but nothing on there was irreplaceable, so I decided to have a bit of a play with some data recovery tools.

The first thing I needed to go was get a disk image so that I could fiddle around to my heart’s content without worrying about damaging the disk. The disk cloning utility dd took care of that for me:

dd if=/dev/sdc of=./michael.img

I cloned the entire device (/dev/sdc vs. /dev/sdc1, for example) since the partition table appeared to be corrupted. I didn’t set any special options and since I was in no particular hurry, I let it do its thing overnight. Once I had a disk image, I tried testdisk to see if it could rebuilt the partition table, or at least let me copy the contents of the partition to somewhere else.

testdisk ./michael.img

For a more comprehensive look at testdisk’s functionality, check their wiki. In essence, I used the Advanced section (Filesystem Utils) to do a boot sector recovery, from which I could access the filesystem contents and select files I wanted to copy to a directory, ready for copying back over on to the external disk.

Although this is by no means an in depth look into testdisk, its tools are impressive. It can rebuild partition tables to allow corrupt disks to boot again. The sister program, photorec is aimed more at recovering images and other media based on the signature those types of files have in a filesystem.

For my purposes, however, the recovery was pretty straightforward and the data have been successfully recovered. The last job is to format the disk with a fresh (probably NTFS) filesystem, and then copy the recovered data back.