Restoring erased hard drive partitions

[DirtyMagic]

I'll spare you the gory details but I really have to give a gratuitous plug to an open source program called "testdisk". If you or a loved one ever suffer from stupidity and accidentally wiped out your hard drive/format the wrong partition, etc. this baby'll fix you right up. And it's free.

http://www.cgsecurity.org/index.html?testdisk.html

[TestMan]

are you sure this will work??

Because thought when deleting data from an HD its kind of permanent and theres no way to recover.

[DirtyMagic]

Yup, it worked for me. I had a freak accident tinkering with a Windows 98 install disk. It completely erased and formatted the wrong drive. It wiped out an ntfs and a fat partition and made, so to speak, one big fat partition. Oooooooooh was I pissed.

I thought I'd lost a whole buch of supposedly safe data. Apparently, drives keep a backup of their file allocation tables even after they do a long format and this program uses that to reallocate the original disk space. I'm not actually sure what a full format does anymore since it doesn't seem to actually entirely wipe the data. Guess that's why they have those security programs that overwrite a disk over and over.

Ya learn something every day... usually under duress.

[TestMan]

how do you use it??
I just want to try to get any of the old data back on it.

[TestMan]

well I don't know how to use it properly.

Since my 2nd hard drive is gone form the listings instead of being recoverd.

[DirtyMagic]

Yeah, it's a real pain to figure out how to use. It's not bad once you've done it once but that first time is a killer!

It's been awhile, so this'll be really general but...

The program starts in a DOS box, as I remember and there's an option to scan your harddrive. Once you scan it, it won't find anything useful. I'm guessing that just looks at what's there now so it won't find old stuff yet. There's a "scan more" option or something at the bottom of the page that you can get to with the arrow keys, I think. That'll chatter away for while and it should then display all the new stuff, the old stuff, and some garbage.

Here's the part that took me forever to figure out... from the list of partitions there, I think you use the arrow keys to highlight the ones that you want to restore. To the left of the drive name, there's a little 'D" which means the partition was deleted. You use... uh, i think the arrow keys? Space bar? Enter? (Sorry been awhile) and change that to a P to restore the deleted partition to a primary partition again. It's goofy, I know... That should do it. You should at least be able to access the data after that. It goes through some stuff about different ways of rebuilding the boot partition but I didn't really need that since it was a data disk that I played with.

The guy that writes the program gives his e-mail and says he's willing to help and I'm here fairly regularly and can re-download and play with it a bit more if you need more help. Losing a drive is a crappy feeling... that's why I posted this.

[mkruer]

Is it just me or…

I have only lost information once on a drive, and that was when I got a boot sector virus. Thing about it is that I still have it, and was able to recover the data some 8yrs later when I found some free tools to read the drive again, I recovered the information, so in some sense I have never lost a drive.

[Guest]

I suppose it kind of makes sense... I think formats only "dis-assign" the tracks and sectors on a hard drive so the information that was still on the drive is still there. Now that I think about it, in order to really kill the info on a drive you need to do a "low-level format" or "zero" the drive with a utility right from the drive manufacturer that writes 0's to each location on the hard drive. Even then I bet there'd some residual magnaetism that could be picked up with the right techniques. Hence those multi-write high security eraser programs that the bad guys are always running just as Lenny Briscoe shows up at the crime scene.

See, you can boost your post count and still write a full paragraph.

[incubator]

Is it just me or…

I have only lost information once on a drive, and that was when I got a boot sector virus. Thing about it is that I still have it, and was able to recover the data some 8yrs later when I found some free tools to read the drive again, I recovered the information, so in some sense I have never lost a drive.

well, hte easiest way to recover a drive's data is to mount it in linux and copy everything to a diff hdd.
As for tools, i dont trust em. I once used partitionmagic to partition drives and make bootloader, but that went very bad.

[dandandaman]

Even then I bet there'd some residual magnaetism that could be picked up with the right techniques. Hence those multi-write high security eraser programs that the bad guys are always running just as Lenny Briscoe shows up at the crime scene.

Indeed it is true Even multiple rewrites may not get rid of the stuff, specialised equipment is able to read the edges of the magnetic tracks to get old data (albeit, with the decreasing track size of the new drives, this gets harder and harder). The only foolproof way to get rid of the data is to microwave the platters

Dan.a

[DirtyMagic]

The only foolproof way to get rid of the data is to microwave the platters

Now that sounds like fun! A hammer and a few spiral spikes could work, too. I'm a bit of a hardware guy at heart.

[incubator]

to get rid of data in a less harmfull but yet effective way:

Code: Select all

NAME
       shred  -  delete a file securely, first overwriting it to hide its con-
       tents

SYNOPSIS
       shred [OPTIONS] FILE [...]

DESCRIPTION
       Overwrite the specified FILE(s) repeatedly, in order to make it  harder
       for even very expensive hardware probing to recover the data.

       Mandatory  arguments  to  long  options are mandatory for short options
       too.

       -f, --force
              change permissions to allow writing if necessary

       -n, --iterations=N
              Overwrite N times instead of the default (25)

       -s, --size=N
              shred this many bytes (suffixes like K, M, G accepted)

       -u, --remove
              truncate and remove file after overwriting

       -v, --verbose
              show progress

       -x, --exact
              do not round file sizes up to the next full block;

              this is the default for non-regular files

       -z, --zero
              add a final overwrite with zeros to hide shredding

       -      shred standard output

       --help display this help and exit

       --version
              output version information and exit

       Delete FILE(s) if --remove (-u) is specified.  The default  is  not  to
       remove  the  files because it is common to operate on device files like
       /dev/hda, and those files usually should not be removed.  When  operat-
       ing on regular files, most people use the --remove option.

       CAUTION:  Note  that  shred relies on a very important assumption: that
       the filesystem overwrites data in place.  This is the  traditional  way
       to  do  things,  but many modern filesystem designs do not satisfy this
       assumption.  The following are examples of filesystems on  which  shred
       is not effective:

       * log-structured or journaled filesystems, such as those supplied with

              AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

       *  filesystems  that  write  redundant  data  and carry on even if some
       writes

              fail, such as RAID-based filesystems

       * filesystems that make snapshots,  such  as  Network  Appliance's  NFS
       server

       * filesystems that cache in temporary locations, such as NFS

              version 3 clients

       * compressed filesystems

       In  addition, file system backups and remote mirrors may contain copies
       of the file that cannot be removed, and that will allow a shredded file
       to be recovered later.