Best way to simulate data loss, corruption, partition wiping, etc & then "rescue" it?
 

OK,
What I'm trying to do is learn how to "rescue" a system that has been corrupted, formatted, or data overwritten, etc. in Qemu
and then try to save it with partimage, testdisk, photorec, etc.

My idea was to use Qemu to create a whatever size qemu-img, partition it and install a few distro's to it, then somehow destroy stuff, wreck the partition table or whatever, and then try to use various tools to
Rescue the system, and I would be able to learn system rescue, etc
"hands-on", but in virtuality, so no harm done.

So, if that's not a good idea, then how would I practice with recovery tools, etc without risking my own systems?

thanks

Well, I like the idea. :) As to how you "wreck" your filesystem, you can destroy your partition table by writting garbage to the MBR, for example.
dd if=/dev/urandom of=/dev/sda skip=446 bs=64 count=1

OK, I'm gonna try that:)

Now, what TYPES of corruption/damage can data recovery tools
really help with?
Like, if I dd'd the mbr, as in Uncle's post, that type of damage is easily fixed or no?

Does anyone know different ways of screwing up the OS, but still have the ability
to recover some/all?

like formatting
bad partitioning
what else?

I don't know the answers, but it does sound like an interesting experiment.

OK, well, I guess I'm gonna try different things, huh?

One question though, as I stated at first, Doing this in "virtual" land
will still be an almost exact recreation of a event happening in a real-time system-yes? Or no?

I can't really think of a better/safer way than doing it in an emulator
as otherwise I would have to use an old lappy, which is what will be used eventually, once I know what's what:)

Mmm, I should think it would near enough the same as doing it to a "real" system. And with Qemu, you can create those qcow files, that allow you to leave your originals untouched. That's one advantage.

OK, so this is my plan so far...
create qemu-img, partition and install like 5 distro's(various)

thenn...somehow destroy the partition table...I think I did that once when Playing with CFDISK, I did a partition scheme, wrote it to disk, then, instead of re-booting, I re-arranged the partition table like 2 more times, then tried to format it.
At reboot it was all screwy!:)

But, that's just 1 way....how would I find out the different ways a system can be destroyed, but recoverable?
I guess I'm off to see Mr. Google, so I'll go get a stiff drink, some indian smoke and
burn down qemu!

Good luck. :)

At work today I thought about doing the exact same thing. That is.. scary :P

The reason is that I am (As most nerds) the free computer technician in the family/community. My dads colleague lost two harddrives in a thunderstorm, and as usual he didn't have any backup. I got called in to "rescue" them free of charge (As always. Got to buy the hardware I needed tho, so now I got a cool adapter for IDE (3.5" and 2.5") and sata with including powersupply :) I got to keep the harddrives as well, but I don't trust them, so I don't know what to use them for. Except experimenting with rescuing data). The drives them selfs showed up and seemed to be alright, but the MBR was corrupt. Easy, I thought. Well, long story short, I couldn't fix it. And that was annoying. So basically now I have to learn how. :)