Wednesday, December 29, 2010

Linux to the Rescue: Data Recovery

I had a user bring a machine running Windows to me earlier today that wasn't working right. I did something that I've done a bunch of times before to recover the data off of it. Here's what I did.

First I took a live Linux boot disk (I typically use OpenSUSE) and booted from it.

Once it's booted fire up a terminal. Using the live KDE version of OpenSUSE I pressed Alt-F2 and typed 'konsole'. Once the terminal is up type:

cd /dev

then:

ls

look for sdaX where 'X' is number. These are partitions on the first hard drive. If there's more than one hard drive in the machine check sdb, sdc, and so on. In the case from this morning there was an sda1 and an sda4. Being a Windows XP laptop sda1 was the primary partition on the first hard drive and sda4 was the 'recovery' partition put there by the people who put the laptop together. So what we've got to do now is mount that primary partition so we can get at the data. First I needed to created a directory to mount the partition on so I typed:

su

this made me root. There wasn't a password needed because it was a live disk boot. Then:

md /media/hd

This command created the directory to mount the partition on. The next step is to mount the thing. This I did by typing:

mount -o loop /dev/sda1 /media/hd

This mounts the device /dev/sda1 as a loopback device at the directory that was just created in /media/hd.

Once mounted you can go into the mounted partition and get at the data. So...

cd /media/hd
ls

will show you the contents. Now in my case I had a NAS on the network so I could copy the data off to that. I did this by again pressing Alt-F2 and typing:

dolphin /media/hd

This opened the default graphical file manager in KDE and pointed it at the freshly mounted hard drive partition. In my case the data that I was after was in "/media/hd/Documents and Settings/" so I navigated there. Once there I was able to see the files in the user's Desktop, My Documents, etc. folders. At this point I needed the connection to the NAS so I pressed Ctrl-t to get me a new tab in Dolphin. Then I did Ctrl-l so I could type the address I wanted to access. Again, in my case I typed in

smb://username@nas-hostname/sharename

A moment later the NAS responded asking me to enter in the password to access it. I entered it and created a folder by right-clicking-->new-->folder and called in FROM_OLD_MACHINE. Then I went into that newly created folder and flipped back to the first tab in Dolphin where the files that I wanted were. I clicked on the files and folders that I wanted to recover then dragged them to the tab in Dolphin that was showing the folder on the NAS; hovered there for a moment. When it switched over to that second tab I moved the cursor into that folder and let go of the mouse button. I then selected 'copy' and it started copying the files into the folder on the NAS.

As it turned out in this case the fix was relatively straight forward on the Windows side and I didn't need this backup but at least I had it.

Also, I know this wouldn't work if there was something screwie with the filesystem on that partition that I mounted. Never the less, in a large majority of cases where I'm given a Windows machine that won't boot I've been able to recover the data with this method. Even if I do end up having to re-install I've got the data from the original install.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)