Author: Mary E. Tyler
LéBrecage was repartitioning his hard drive so he’d have room to compile OpenOffice.org. “Some kind of interaction between GParted and Partition Magic 8 obliterated most of the superblocks,” says LéBrecage. “The home recovery methods I knew didn’t work.”
LéBrecage checked his backups, but they were corrupted. “The MD5s wouldn’t sum,” LéBrecage explains. At that point, he stopped, which is exactly the right thing to do. The more damage there is to the drive or its data and structure, the harder and more expensive the recovery.
Fortunately for LéBrecage, over the last few years, several major drive recovery services have started supporting Linux filesystems. To date, Kroll OnTrack alone claims more than 1,000 successful recoveries of drives with Linux filesystems. LéBrecage’s disaster seemed like a prime opportunity to test out OnTrack’s drive recovery services with an actual messed-up hard drive from a Linux machine.
At intake, Ontrack asked LéBrecage for specific information about the drive: What sort of data was on the drive? How many partitions does the drive have? What filesystem was used for each partition? Was the drive part of a RAID? What operating systems were installed? What data was most important?
|
When data loss is imminent… If your drive is fire- or water-damaged, physically damaged, or if it is clicking or grinding, stop. Power down and remove the drive immediately. Trying to massage a mechanical failure is a sure way to lose your data. Those clicks are the sound of the drive heads grinding your data off the platters. Best to leave these cases to a professional. If your drive is smoke-damaged: Get the data off it as soon as possible and replace the drive. Smoke from household (or worse, electrical) fires degrades the seals in a hard drive, causing it to fail unpredictably. While the drive may continue working for a time (a drive of mine worked for two years after a fire before it failed), it’s never going to be anything approaching reliable. If the drive is not physically damaged, but suffered an adverse data event such as deleting data by accident or formatting over data, you can try various software-based recovery techniques depending on which filesystem you use. Free software is available, as well as many commercial software recovery solutions that start at $200, including those from OnTrack. While shopping for a replacement hard drive, LéBrecage spent some time thinking about just how important the data on his old drive was. “One partition was just stuff I downloaded off the Internet: pictures, jokes, other things the average red-blooded guy might have on his hard drive. I decided that stuff wasn’t worth paying for,” says LéBrecage. “But the 8 years of software development — all my code, everything — that I needed. It’s my career.” Will they look at my pr0n? In case you’re wondering who’s poking around your data, OnTrack is US government-approved to handle sensitive, confidential, and classified material. OnTrack’s secured facilities require badge access and have security cameras, and the company screens the background of all employees. The engineers deal with file structure, not file data. Unless you ask OnTrack to validate the condition of files after recovery, the company doesn’t look at specific data. It is possible that engineers will see some of your data, but not to worry — your credit card number and other “important data” is safe. OnTrack has a confidentiality agreement, and will not disclose your data to third parties, with one exception: OnTrack will report any illegal material (such as child pornography) if it is found. |
When you simply must have your data
“It’s crucial to give them as much information as possible,” says LéBrecage. “Be as specific as you can. If you have a Windows partition you need recovered, let them know, as the Linux team overlooked mine.”
Jim Reinert, senior director of software and services for Ontrack Data Recovery, confirmed this via email. “If we receive a drive that has five Linux filesystems on it, and the data contained in those filesystems nearly fills the entire capacity of the drive, we assume that the Windows partition is not needed.”
However, ask and ye shall receive, seek and they shall find. If you have another operating system partition on the drive, Ontrack can recover Windows and Mac data as well.
Once LéBrecage had a tracking number from OnTrack, he mailed the hard drive in according to their directions and settled down to wait. As recoveries go, LéBrecage’s was relatively easy. It took about a day, once the drive rose to the top of the service queue.
Discounting the inefficiencies introduced by writing this article, the whole process was a week roundtrip, including four days shipping time and two days in the shop over a weekend (we didn’t ask for weekend service). According to Reinert, had LéBrecage been charged for this recovery, the price would have been $1,295, with the normal range for recovery being $900 to $2,500.
Recovery rates vary with the condition of the drive: how much data is overwritten, the degree of physical damage, and the original drive format all make a difference. “Using LVM — which could have prevented my drive debacle altogether — also makes data recovery more difficult,” says LéBrecage.
“This is because a logical partition may occupy non-contiguous cylinders which can make recovery of more than snippets unlikely.” Because LVM stores data in bits and pieces of free space to transparently store data over several partitions, it’s nigh impossible to put all those pieces back together once you’ve lost the directory structure.
The initial choice of filesystem also affects the degree of data recovery, especially when the inodes (the filesystem’s basic record structure) are mangled. Ext2 generally recovers better than ReiserFS, XFS, Ext3, and most other Linux filesystems. Typical recovery rates, even for badly damaged drives, are still in the 50 to 70% range.
Which drives are recoverable?
Recovering only 50% of your MP3 collection might not be worth the recovery fee. On the other hand, 50% of your customer database or 70% of the photos of your kid growing up may be priceless. OnTrack returns the original drive and whatever data they were able to recover on DVD-Rs (other formats on request).
According to Reinert, LéBrecage’s drive yielded a total of 9.5GB of data in 250,742 files — about 90% of his Linux data. “I didn’t get everything back,” says LéBrecage. “Some stuff was overwritten. That’s gone forever. But I got back what was important to me. Eight years of source code came back intact.”
LéBrecage reloaded the data from the DVDs using cpio. He followed directions on the OnTrack Web site, accessed the man pages for cpio, and made a couple trips to Google for cpio+tutorial. Once that was done, he was set. “I was able to resume development as if nothing happened,” says LéBrecage, who has sworn off computing under the influence. “Being able to recover these files saved my career.”
