Did your screen just turn black or your laptop freeze without warning? Maybe your hard drive has started chirping. Worse yet, maybe you suddenly can’t save to your home partition.
All these signs of a corrupted or failing drive can cause you to sweat, but there’s no reason to immediately throw away your computer. Keep reading to learn about five Linux tools that can help you retrieve your data and get your digital life back on track.
While ddrescue isn’t a data recovery tool in title, it should stand as your first step in the journey to retrieving your files. Ddrescue creates an image of your corrupt drive or partition so you can analyze a copy of your broken disk.
Always copy your disk to a separate image before you begin file recovery operations with the tools listed below. The more you use your actual failing drive, the more damage you can cause it.
What you see here is some output of ddrescue in action. In the first command, it copies the entire disk to an image named “backup.img.” The second command then copies only the bad blocks to that same image, passing over those blocks three times each to try to read them.
When you run these same commands, always use a logfile. Backups can take hours or days to complete, and without a logfile, any interruptions will make you start the process again from the beginning.
When this process is complete for your own disk or partition, you can mount the copied image and use the following utilities to retrieve files from it. Further use of our other Linux recovery tools in this article will grab data from the same “backup.img” created here.
Foremost uses the data structures of common file types to retrieve data. You can either scrape an entire disk image for all its files or specify certain file types you’re most interested in.
What you can see here is the output of Foremost in verbose mode (the
-v option). The
-t option searches for file types of jpg, and the
-o options mark the respective input file and output directory.
You can see that Foremost analyzes the image ddrescue created in the previous step; that image has a number of JPEGs in it. Foremost was able to find ten such files, and when it was done scraping the image, it copied those ten files to the stated output folder.
Scalpel, originally based on Foremost, aims to be frugal in its operation. It uses multi-threading and asynchronous input/output to search through images in an efficient manner. Moreover, it gives users the power to specify the number of footers and headers they wish to use for file recovery.
Users can also specify the types of files they want to recover by editing scalpel’s configuration file. The default configuration produces a lot of output, even without verbose mode (-v parameter) turned on.
In that screenshot you can see the final output of scalpel’s analysis of “backup.img.” The basic command (listed at the bottom of the screenshot) requires only an output directory and an image for analysis.
PhotoRec strays away from its competitors by focusing on the recovery of photographs, videos, and text documents. It also works as an interactive utility within the console itself. Check out all its majesty
The initial PhotoRec command must specify a desired image (our backup.img) and output folder. PhotoRec then drops the user into its graphical environment. The screenshot here shows the image size. In further screens it asks for the disk’s partition type and whether or not you want to search the entire image for files.
Finally, we come to grep. This may also not seem like the most straightforward of recovery options, but grep has the power to find deleted or lost text files by searching for strings present on a block device or disk image.
A file exists in backup.img called “myfile.” It contains only one line of text: “This is the file I will try to recover.”
Grep uses that string as its starting point for file recovery. Alongside a few other parameters, you can see that, in this example, it dumps the found string into a new binary file named “foundtext.”
In particular, you will want to pay attention to – and modify – the
-C parameter which prints extra context surrounding the string in the initial command. This example command tells grep to find one line of text before and one after the provided string.
-C 200, grep would find 200 lines both before and after a string. Such reach is unnecessary here, but it could be important for larger text files with hundreds of lines. You will, of course, need to know the text of your own files so grep has a starting point to begin its search.
Grep will generate a binary file as its output. Still, some parts will be human-readable, such as this example’s desired line of text near the bottom of this screenshot. It will be your job to manually scrape out the data you need. It’s tough work, for sure, but it beats the alternative of having no file at all.
In summary, be sure to first copy your drive or partition with ddrescue, then work on that copy with any of the other Linux recovery tools you need. Don’t be afraid to try more than one tool, especially if your first choice didn’t find the data you wanted.
Be patient. With any luck, you’ll have your precious files back before you know it.