While perusing ZDNet Australia I encountered this article about data recovery, which appears to be a thinly veiled piece of advertorial about a data recover firm.
The article pissed me off. It doesn't mention the importance of preventative action like good, well-tested backups. It certainly doesn't bother considering the possibility that you can recover from common cases of data loss yourself or with help from a techie friend, avoiding paying huge sums to the DR firm.
Here are a few tips for recovering lost pictures, documents, etc from a hard drive that's in reasonable physical condition but isn't readable from the computer. The same techniques apply to flash media like Compact Flash, MMC, SD Card, USB memory keys, etc, many of which have the unreliable FAT32 file system on them by default and are very prone to being rendered unreadable by minor file system corruption.
You should not attempt these tips unless you can accept the small risk that you might actually make the problem worse. Most importantly, do not attempt any of these steps if you suspect your hard drive has a serious mechanical fault - say it stopped working after being dropped and now makes sqeaky scratchy noises, it was immersed, it was burned, etc. Attempting to power on a hard drive that's damaged like that will make later recovery harder, so you should take drives with serious physical damage straight to DR pros.
For the other 99% of cases, read on.
Prevention: How are your backups?
If you just said "what backups?" then consider yourself slapped. At my work I recover data for people who had no backups all the time as a sideline to help the staff out. I tell them it's free the first time, but if they do it again I'll charge half the pro rates, so they'll be up for several thousand dollars in recovery fees. So far, nobody has ever come back a second time, so clearly the lesson is working.
With Time Machine on Apple systems and Windows Backup on Windows 7, there's no excuse for not having at least local backups now. Numerous cloud backup services exist for smaller but more important data, too.
Imagine that, right now, your laptop/desktop/whatever is being stolen or destroyed and will never be repaired/recovered. What data on there do you need and don't have anywhere else? If the answer isn't "nothing" then YOU ARE DOING IT WRONG and you need to fix your backup scheme right now.
Go to the local computer shop today. Buy a 1TB external hard drive. Unpack it. If possible, putting it a wee way away from your computer via a long USB cable so thieves are less likely to grab it at the same time as the computer. Maybe put it in a bookshelf or something. Now plug it in, and when your computer offers to use it as backup storage for Windows Backup or Time Machine (depending on OS) say yes.
Imperfect backup? Very. Better than nothing? Lots.
Recovery from minor faults
Even if you do suffer from a fault, the chances are you don't need "professional" data recovery. The most common issues I encounter are:
- Removable flash media (camera cards, USB sticks, etc) that're removed during a write operation, causing corruption of the FAT32 file allocation tables. The files are still there, the system just can't find them and doesn't know what they're called.
- Failed external hard drive enclosures/power supplies
- operating system issues preventing a machine from being booted so the user panics about their data
- file system corruption rendering a disk unmountable; and
- bad sectors causing disk access to fail and time out
Corrupt FAT32 file systems (a) are something you should only really encounter on flash media these days. If you're still using FAT32 on a hard drive, you're doing it wrong. For corrupt FAT32 on camera cards and other flash media, use the wonderful PhotoRec (part of the testdisk suite by CGSecurity) to grab those photos and documents. If that doesn't get everything, numerous cheap commercial tools are available - search for "flash file recover" or something. Note that photorec and most other tools will not be able to preserve the directory structure (folder arrangement) or file names, only the file contents, so you'll have some sorting to do. If you want to avoid that, read on for tips about repairing corrupt file systems.
It's trivial to fix (b): pop the disk out of the enclosure, drop it in an external SATA-to-USB (or eSATA) cradle or into a new external enclosure. Fix cost: About $20 for a new enclosure. You don't lose your directory structure, file time stamps, or anything.
OS failures (c) are usually trivial too. Even if you can't fix the OS, you can grab the files off by booting off a CD or by putting the OS disk in a cradle/caddy and accessing it from a separate machine. This is easy even with most laptops in these days of SATA disks; it's only any challenge on compact laptops that require significant disassembly to access the HDD. For such compact laptops, boot Linux or your commercial recovery tool of choice off a CD, using a USB CD-ROM if they don't have a drive, or boot them off a USB flash drive, then recover data to an external HDD. Fix cost: Usually $0.
If you have (d) file system corruption, tools exist that'll help you recover many or most of your files. The most important thing is to MAKE AN IDENTICAL COPY OF YOUR ENTIRE HARD DRIVE, block-for-block, onto a spare disk before doing any work. I use SystemRescueCD (requires Linux experience) and ddrescue for this, but an Ubuntu boot CD or any commercial imaging utility of your choice will do fine too. Once you've made a backup image, you can try file system repair (fsck, chkdsk, etc). If that fails, try block-level recovery tools - the best free one I know of is `photorec' from the `testdisk' package, which despite its name will recover a variety of different file types not just photos. Numerous commercial recovery tools exist too.
If you have a genuinely failing disk (e) then commercial recovery is the safest option. Unless the data is earth shatteringly expensive you probably don't want to fork out for that, though. If that's the case, try using ddrescue from a Linux boot CD like SysRescCD to copy the data from the failing drive to a new blank one the same size or larger. Once all the still-readable data is copied over you can treat it as a corrupt file system (a,d) and see how you go. DO NOT EVER ATTEMPT TO REPAIR THE FILE SYSTEM ON THE FAILING DISK IN-PLACE; ONLY EVER WORK ON A COPY.
All DIY data recovery has risks, so if you're trying to recover the only copy of the code that'll prevent the automatic timed launch of your home-made nuclear missile, please take the disk to a professional data recovery operator. If it's the precious photos of your pet cat, though, maybe you'll want to try recovering it yourself...
I really enjoy your stuff, Craig; thanks and keep it coming.
ReplyDeleteThank you!
ReplyDelete