A number of free Linux tools can recover data from even the most damaged disk drives.

I've been riding bicycles a long time, but the funniest thing happened on the way home from cappuccino-land last Sunday: I cracked up.

I don't know if I was more worried about my $1,000 bike or the blood that was trickling down my jaw when I finally dragged myself out of the intersection, but I'll tell you one thing: I was extremely surprised it occurred, and I want to make darn sure it never happens again.

How does such a thing happen to an experienced rider? Who knows? It just happens. It's like data loss. You take precautions, but suddenly, you realize a critical file has been deleted--permanently--and there is no backup. Or the drive is corrupted from a virus or hardware malfunction. Hopefully, you have a recent backup or mirrored partition--but not always. This is particularly true for those laptop warriors who think that their Dells are never going to fail. Airport security let mine drop on the hard floor after it came rolling out of the X-ray machine at John Wayne Airport in Orange County , California, a couple years back. It was in its carrying case that, I suppose, looked like a carry-on, so what the heck. Fortunately, it was an HP and built like a tank.

But data loss can--and does--happen, so what are your options if it does? One route is to use open-source data recovery tools to try to recover the lost files or partition. There are different scenarios, and your approach may vary depending on what happened. Accidental data deletion--a boo-boo--is the single most common reason for files getting up and flying away. On a PC or laptop, you generally can use the Undelete button or go to the trash bin to recover the files. However, once I was syncing the files on two drives, and I got the settings wrong, and the application deleted all the extra files present on the C drive that were missing from the D drive. I tried everything, but they were gone for good. You might sometimes force a hard delete, or you might delete a file from a volume that doesn't have recovery functions enabled. Recovery of these files is generally possible with a number of the open-source tools mentioned below.

More-complex recoveries include situations such as when a whole partition is missing along with everything on board, including the boot files. You can either try to recover whatever data you can find on the partition without attempting to reconstruct it or try to reconstruct the partition's metadata and remount the partition. Though easier, chances of success with the first approach may be slim indeed. There probably will be fragments (like Humpty Dumpty) but maybe not enough to put together for a boot. The second approach will likely give you a better chance for a complete recovery, but that will depend upon how much data is recoverable.

A third area of concern comes when you lose data from a removable storage device, such as a USB flash drive, or from optical media, such as a CD or DVD. You should be able to use tools to recover the data from all three of these drives. Your drive may play a role in this, so you should compare how well one drive creates an image versus another and which has better error-correction.

Where you can really run into problems recovering data is from encrypted media. If you're trying to recover something as important as your encryption key from an encrypted volume that is inaccessible, well, good luck; it's probably not going to happen. You will want to take extra, special precautions with encrypted volumes and back up the volume headers and keep them in a safe place--encrypted too.

As a general rule, whenever you are beginning to do a recovery, make sure the media is mounted as read-only. Better to make an image file of the media and save it to another drive while working from there. That way, nothing will start to perform read/write functions on the drive that has the recoverable data on it. Puppy Linux and DSL, both very small Linux distributions, can be used for mounting a volume and copying files.

Following are a few tools recommended by Serdar Yegulalp of InformationWeek that you can try out and practice with before the need arises. These are all Linux distributions, but some of them will also work on Windows data.

SystemRescueCD is a Gentoo-based distribution that has a large number of tools in a relatively small .iso file that you can boot from a CD or USB drive for recovery functions. Some Linux knowledge is required. Parted Magic boots directly into an x-Desktop and provides GUI access to many of the tools. Both of these are Linux distros specifically for data recovery and contain a variety of tools in one place. They both provide the ability to run the full spectrum of Linux applications and connect to the Internet, though they don't come with as many tools as do some distributions.

If a GUI isn't a requirement and you want a lot of heavy-duty forensic data recovery applications as well as security-oriented tools that will run from a CD, you can try BackTrack or the Knoppix-based Security Tools Distribution (STD) and Helix. The latter, also a live CD, will not mount any file systems unless told to do so.

Another data recovery tool is dd, which you can use to generate an image file from any mounted file system or device. The generic version of dd comes with most Linux distributions, but there are a couple of variations. Use dd_rhelp on top of dd_rescue to make using it simpler. Be aware that dd can also be used to destroy data, so practice a bit before doing something silly.

Other tools include TestDisk, which can do a number of whole-disk recovery operations. If you have a VMware product running, you can boot an image from within a virtual machine. The Live View tool allows you to turn any dd image into a VMware virtual machine. It caches all changes made to the image so the original stays intact.

Having these tools readily available and knowing how to use them can go a long way in recovering data after your computer takes a tumble and you wonder if all the king's horses and all the king's men are really going to ever put Humpty together again.

Chris Smith

• Email
• Site

Chris Smith was the Senior News Editor at MC Press Online from 2007 to 2012 and was responsible for the news content on the company's Web site. Chris has been writing about the IBM midrange industry since 1992 when he signed on with Duke Communications as West Coast Editor of News 3X/400. With a bachelor's from the University of California at Berkeley, where he majored in English and minored in Journalism, and a master's in Journalism from the University of Colorado, Boulder, Chris later studied computer programming and AS/400 operations at Long Beach City College. An award-winning writer with two Maggie Awards, four business books, and a collection of poetry to his credit, Chris began his newspaper career as a reporter in northern California, later worked as night city editor for the Rocky Mountain News in Denver, and went on to edit a national cable television trade magazine. He was Communications Manager for McDonnell Douglas Corp. in Long Beach, Calif., before it merged with Boeing, and oversaw implementation of the company's first IBM desktop publishing system there. An editor for MC Press Online since 2007, Chris has authored some 300 articles on a broad range of topics surrounding the IBM midrange platform that have appeared in the company's eight industry-leading newsletters. He can be reached at chriswriting@cs.com.