Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Data Recovery Tools Do the Pros Use?

Posted by timothy on from the besides-waterboarding dept.

Life2Death writes "I've been working with computers for a long time, and every once and a while someone close to me has a drive go belly up on them. I know there are big, expensive recovery houses that specialize in mission-critical data recovery, like if your house blew up and you have millions of files you need or something, but for the local IT group, what do you guys use? Given that most people are on NTFS (Windows XP) by the numbers, what would you use? I found a ton of tools when I googled, and everyone and their brother suggests something else, so I want to know what software 'just works' on most recoveries of bad, but partially working hard drives. Free software always has a warm spot in my heart."

18 of 399 comments (clear)

  1. for fat and ntfs by keeegan · · Score: 5, Informative

    Get Data Back works very well.

    1. Re:for fat and ntfs by darkvad0r · · Score: 5, Informative

      For a free solution, check TestDisk.
      It has saved my data many times.

    2. Re:for fat and ntfs by TheLinuxSRC · · Score: 4, Informative

      I could not agree more. Just last week I had a designer friend who accidentally deleted the partition his portfolio was on. We tried to recover the partition however the MFT had become lost/corrupted.

      My first attempt to recover his data was with ntfsundelete, however it did not recognize the partition at all. I next used Disk Internals NTFS Recovery program (Commercial) with the same results.

      Finally, I Googled a bit and found the testdisk/photorec package and used that. It took about 40 hours to recover ~225GB data. It was unable to recover filenames, however it did create new directories for each directory it found and recreated the files in those directories, albeit with arbitrary names. Most impressively it did recreate the files with the proper file name extensions. With some creative perl scripting I could have even renamed some of these files based on meta data in the files. This was not necessary in my case.

  2. GetDataBack by sean_nestor · · Score: 5, Informative

    GetDataBack has worked perfectly for me many times. Very easy interface, works on deleted files as well as formatted disks (provided the data you want to recover hasn't been overwritten, of course). Worth the $79, IMO.

  3. Well by ledow · · Score: 4, Informative

    ddrescue

    But to be honest, if you've hit that point for an "enthusiast" user, then you're already on your last legs. If you ain't got a backup, forget it - the chances of getting one particular file you've lost might be good, the chances of recovering any significant amounts and being able to verify their integrity are bad.

    Plus, with SSD's, flash, memory cards, etc. the chances of being able to recover *anything* from a faulty drive without professional equipment are fast approaching zero. Most USB Flash drives just "die" when they hit their write limits, rather than fail gracefully into read-only mode.

    1. Re:Well by bonehead · · Score: 5, Informative

      Here's one that's saved my butt several times.

      Often times when a drive fails it's not the physical mechanism that goes bad, it's something on the circuit board. If you can find an identical drive (should be pretty easy in a corporate environment, could be tricky for a home user), just carefully remove the board from the good drive and install it on the bad one. You'd be surprised how many times that "totally dead" hard drive will start working like new.

      The software solutions are great for some situations, but they can't do anything if the drive isn't even visible to them.

  4. R-Studio by CodyRazor · · Score: 5, Informative

    Back when most data recovery and disk utility applications didnt work on vista (and many still dont) I found one called r-studio. It managed to recover a whole lot of data of a damaged flaky 5TB Raid 5 array, which is pretty impressive considering it was the only application at the time that could even recognize it as a drive, all the others just call it a damaged volume.

    As far as I know its still the only one that can do Raids, at least as far as I can find. It also allows many customization options of searches and donest over simplify things too much. It takes forever but it finds any potential damaged file systems and then lets you use whichever one you like to recover whichever files you like. It can also be used to recover deleted files.

    As far as I recall its pretty cheap, at least compared to a few out there and worth a try. But with all recovery and security software, I find the information and their website extremely generalized and vague about what exactly you can do, so I always download the software first to make sure it can do what I want, which 90% of the time it cant, and then if it works I buy it. Its not the most legal practice but if they dont offer demos and wont be specific about what their software does its the only practical solution.

    --
    So Skulldilocks threw acid on the schoolchildrens' faces, cause somebody from the bible told her to do it!
  5. Pros avoid having to use data recovery tools. by argent · · Score: 4, Informative

    Pros make sure they have good backups. Pros tell their users "nothing on your laptop/desktop is backed up", make that corporate policy, and respond to virus infestations by re-imaging the victim's computers to make sure that everyone's too damn scared of Mordac the Preventer to keep anything on local storage.

  6. dd by locofungus · · Score: 5, Informative

    dd if=/dev/sdb of=dump.img bs=512 conv=noerror,sync iflag=direct

    Once a drive has started failing the first thing you want to do is get as good a copy of everything as you can manage. If it's a physical problem, especially if it's a damaged platter, then it tends to get worse as the drive is used. Get everything off and then work on the copy.

    Tim.

    --
    God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
  7. TRK - dd/dd_rescue/ddrescue, Restorer by millisa · · Score: 5, Informative

    My favorite tools are a combination of the Trinity Rescue Kit linux boot cd and the Restorer tool.

    It depends on the type of failure, but generally, I start with a ddrescue to get an image of the drive, especially if the drive is running bad sectors. Either I set the image to go to a secondary spare drive or I push it across the network. ddrescue is nice in that it doesn't bail when it hits those bad sectors, can run in reverse mode, and eventually it'll get as much as isn't corrupt on the drive into the image.

    After establishing the image, the original failed drives go into ESD bags and aren't touched again unless they are to get shipped to one of the expensive clean room type places for their style recovery.

    Most of the win32 drive recovery softwares out there can handle reading from an image file, so from here on out, I work with the images I took with ddrescue. Restorer has worked pretty well for me on getting things back from hard drives, CF cards, and even raid sets (figuring out the cluster sizes on the raid can be a pain if you don't happen to know them, but the software does support reassembling raid drives from the images you take of the single drives).

    Most of the win32 packages out there have support for making the original images, but I haven't had as much luck with most of them when dealing with severely corrupted drives or with a large scattering of bad sectors. Either they take far too long to make it through the image or they end up failing to get by the bad sectors.

    Regardless of what you end up picking, you don't want to use any of the recovery tools that advertise how they can fix the partition table and such on the drive, live . . . any recovery operation that thinks it is ok to 'fix' a drive with data on it you want to recover has the wrong mindset. The data is important, not making the drive work again.

  8. Spinrite works miracles by stenchcow · · Score: 4, Informative

    Spinrite has worked miracles in the past for me. It's brought back unbootable corrupted windows partitions back to life for me. Supposedly it also fixes physical defects in hard drives as well. It boots off of a image from disc. It costs $89.00 but it's saved my butt in the past.

    1. Re:Spinrite works miracles by Glonoinha · · Score: 3, Informative

      I was using Spinright back in the 90's - it was awesome then, but I wasn't aware they are still around.

      I endorse the package from the 90s and if it is the same guys I'm tempted to endorse them today.

      --
      Glonoinha the MebiByte Slayer
    2. Re:Spinrite works miracles by NetRanger · · Score: 4, Informative

      Same here. At $89, SpinRite is a bit on the pricey side, but I have recovered data from hard drives that I thought I had zero chance of saving. I figure since it saved hundreds of dollars in labor -- several times -- it was worth every penny. Especially in those circumstances where your highly paid datacenter techs thought it was a great idea to construct a RAID 5 from all identical hard drives from the exact same manufacturer lot. Sucks when two of those drives experience the exact same fault within a few minutes of each other. Fortunately I was able to whip out SpinRite and save the day, because otherwise we were looking at days and days of restoring from incremental backup tapes.

      It's an ancient-looking DOS command-line utility, but I definitely give props to Steve Gibson for keeping SpinRite up to date to where it works on modern hard drives. $89 versus days and days of overtime pay for IT guys -- it certainly made me look pretty good come performance review time.

      --
      -- We live in a world where lemonade is artificial and soap has real lemon.
    3. Re:Spinrite works miracles by Jane+Q.+Public · · Score: 3, Informative

      SpinRite is no more capable of causing a head crash than Microsoft Excel is. If the heads crashed, they crashed. Don't blame SpinRite for it. That's like blaming a coolant failure for destroying your engine, when it fact it overheated because you ran out of oil.

  9. Re:Cannot beat RAID by DigiShaman · · Score: 3, Informative

    I agree, these days every home PC should be setup for RAID1 (RAID5 for workstations). However, RAID should *never* be a substitute for making backups to external media.

    --
    Life is not for the lazy.
  10. Circuitboard Repair or Replacement often necessary by TunaPhish · · Score: 3, Informative

    As far as software goes, a combination of dd / ddrescue / strings / fdisk / grep / mount / and the r-studio suite from r-tt.com are what I use. Though, most of the time the drive is physically damaged, and it's not always inside.

    For example, last week I had a laptop come in with no power to the drive. I examined the board with my eyes and my Fluke Multimeter and discovered that the power +5V on pins 41 and 42 wasn't reaching very far into the board and was basically disconnected at the first component. It looked to be a power-protection diode which had blown due to a surge. I was able to bypass it with a dot of solder, and once reassembled the hard drive powered on, I copied the data off. When the customer decided he didn't want to pay, well, I removed that solder dot before returning his drive to him without his data...

    On 3.5" hard drives you'll often see a rectifier diode serving the same purpose, so when you run into a drive that doesn't spin up, check that out first. It's a small black component connecting the power to ground, and it shouldn't be passing electricity (but it will when it fails, so just pop it off to get your drive working again).

    Other times a clicking drive can be fixed by just swapping out the board with an identical one from another drive. Sometimes, similar model number boards will work as well, but not often. It's a lot of fun trial and error. On the plus side, if the drive is totally fubar'd but still spins up, you can pop it open and do some hard drive spin art!

  11. Re:My .02 by tinkerghost · · Score: 3, Informative

    Sad thing is, before I even got to your post I was envisioning this exact scenario and was considering starting a business on the side doing house calls.

    Even sadder, is I do this for a living - onsite, in home repair & installation - and the reality is they just whine about having to pay you for watching the progress bar. Pickup & dropoff involves so much less whining.

  12. Re:Make the repair shops pay for loss of data by Mister+Whirly · · Score: 3, Informative

    When I repair a computer, I set the terms, not the customer. I would never agree to pay for an inflated damage cost, ever. As a matter of fact, I tell them flat out I am not responsible for any data loss that would occur. Not that I have ever lost anyone's data, but if I did I want it clear i am not liable for any monetary loss they would suffer. If their data is THAT important, they have multiple backups, right?

    --
    "But this one goes to 11!"