Hi,

This started out as a Windows problem, but I am trying to use linux to repair it and save my files. Long story short, I was overclocking and Windows crashed. After that, it wouldn't boot because it had corrupt boot files of some sort. I was going to repair, but my XP CD doesn't have drivers for my SATA drive, and my floppy with the drivers is long dead... so I'm just backing everything up so I can start anew with linux, but I need all my sourcefiles for my audio/midi recordings first

I first used ubuntu and was able to back up most things to DVD. When it came to backing up my My Documents folder, ubuntu couldn't access it. It showed the permissions as d????????? (instead of, for example, drwxrwxrwx.) I tried systemrescuecd instead thinking it might have better luck than ubuntu, but it shows up there as ?????????? (I don't even get the 'd' anymore.) I have it mounted with ntfs-3g. all the other files in /mnt/windows/Documents and Settings/<username> show up and copy over just fine. It's only /mnt/windows/Documents and Settings/<username>/My Documents that shows up funny.

Any ideas how I can get in there to back up my files? Or does it look like I'm screwed.

Thanks.

You're probably screwed.

I'd try two things

1. Get a new har drive (which you'll need to do anyway). Install windows on that drive, then try to use Windows to recover the data (i.e., use the disk manager to mount the old drive as drive 'd').

2. dd the whole disk to another, equal or larger disk & try to read from that. It's possible, though pretty unlikely, that the raw data can still be read from the disk. If that's the case, dd'ing to a new disk may put the raw data on good disk sectors from which you can read. the command would look something like "dd if=/dev/hda of=/dev/hdb bs=8M"

Other than that, if it's very important, you can try a data recovery service, though, those are usually pretty worthless.

are u not getting access to windows partition from linux operating system. Or you are not getting access to my documents folder but getting access to windows in general

I am getting access to everything on the windows partition except for the "my documents" folder.

I have tried dd, but it was not successful. I am installing windows on another hard drive now to see how that goes.

Thanks everyone for the suggestions.

Update:

I have another drive in now with XP on it, and I am able to see the original drive from there.

Here are some screenshots of computer/disk management and chkdsk results. the drive with the "My Documents" folder that I want is showing as F: (G: is another partition on that drive that was used for storage, but now shows up as "system" from trying dd to it last night.)

http://img230.imageshack.us/img230/3...esystemsx7.gif
http://img81.imageshack.us/img81/2042/chkdskfe2.gif

When I view in Windows Explorer, the F: drive shows up, but just shows a blank under the total size and free space. Disk management (as you can see in the screenshot) shows 100% free space on the drive and a blank for the file system even though it's apparently "Healthy (Active)", but chkdsk (the other screenshot) shows plenty of files and indexes. Chkdsk runs in read only mode though :\

I am going to go pick up some blank CDs so I can burn the latest beta (0.4.4) of systemrescuecd that has scrounge-ntfs on it, so I can try that out. My linux skills are pretty limited and not exactly up-to-date, so I figure that's the easiest/safest way for me to try it.

I know my problem is clearly not linux-related anymore, but until I write back with scrounge-ntfs questions or results, does anyone happen to know how I can make chkdsk run without being read-only?

Thanks again,
Seiken

I like Knoppix for this kind of thing. There's also GetDataBack NTFS version if it was an NTFS drive, and there's a fat32 version as well.

With Knoppix you are able to read almost anything that exists. If you can see the files, you should be able to burn using K3B which is included. I'm not sure how well transferring NTFS files works in Knoppix, however.

Your best bet is to do as previously mentioned and install the drive in another Windows box, only the other Windows box should be Windows XP Pro, or the equivalent in Windows Vista, or in safe mode with XP Home.
The reason you cannot access the administrators Documents and Settings is due to security. You need to take ownership of the administrators Documents and Settings folder to be able to access them. Instructions follow, they are my notes and appear to be lengthy, I did not read it all to see if there is too much info, just copied and pasted them here.

Hi,

I can't get into the security tab on my F: drive. In Windows Explorer, the drive/partition shows up, but it has a blank in place of the total size and remaining size. If I double-click on the drive, I get the following:

"F:\ is not accessible.

There is not enough space on the disk."

If I right click on it, I don't get the Security tab (simple file sharing IS disabled.)

So other than, I've tried some more things. I've tried using Windows apps like GetDataBack for NTFS, Active@ Partition Recovery, and PQ PartImage. GDB and APR are able to see everything on the partition except for the My Documents folder. I was hoping PQ PartImage would show me the MFT offset value so I could throw it into scrounge-ntfs, but it either doesn't show it or I'm not looking in the right spot.

I have tried scrounge-ntfs from the 0.4.4 beta release of systemrescuecd, and it seems to be able to pull some files, but I don't have the MFT offset value, so it's not retrieving my directory structure, and instead just dumping everything all in one directory (aka hell.) I have tried the suggested XP MFT offset of 6191356 from the scrounge-ntfs documentation, but it was no go. Also tried 32 since that is apparently what win2k uses, but that didn't work either.

Also tried knoppix, and it doesn't see the My Documents folder at all. Actually, systemrescuecd isn't seeing it anymore either, so things seem to have gotten worse. In the very very very small case though that the directory is still there somewhere, I am dying to get a hold of this MFT offset value to pop into scrounge-ntfs. Does anyone know how I can find that value?

If what you're after here is the physical location of the "My Documents" folder, you're running down a dead end road. The folder/directory is just a layer of the directory tree and the files in that directory can be spread throughout the hard drive wherever there was sufficient contiguous free clusters (space) at the time of writing.
The quote above suggests the "My Documents" folder is deleted or similar, it is probably still there but nobody including those utilities have access to it as it belongs to an administrator and is "off limits" for the user using those applications to access it (from within a Windows OS), even if you are using an administrator account from a different installation, till that administrator take ownership.
If those utilities can see everything else in that partition, that's good news. I have had Windows drive images that Windows could not access similar to what you describe. Yet when I mount it successfully in Linux I can see all including the administrators files as Linux does not adhere to/preserve file permissions in an NTFS file system. Having said that, you may want to try booting a Linux Live CD as mentioned earlier to see if Linux can see into this partition and the "My Documents" folder in question. If you have a computer with Linux installed, put the subject drive in as slave and mount the partition.

I can recommend a couple Windows ported utilities that do a wonderful job.... if of course.... Windows can mount it. The two I use on a steady basis are File Scavenger and Runtime's Disk Explorer. File Scavenger is more user friendly and when you right click on a file you want you'll get the MFT offset of the first sector of the file, not sure if it will tell you all the clusters that belong to the file, but Disk Explorer will. You can use them in a trial environment to see what's what and decide if you want to pay for them, but if Windows can't mount the partition, you're SOL with these Windows utilities.

A great open source utility which is on the Helix and Knoppix Live CD called photorec will scrub the drive/partition and retrieve files you configured photorec to recover based on the headers (file signature) of the files regardless of the partition's current state as long as the drive can be mounted, even if the partition has been re-formatted. It looks for the headers of files in each sector. Foremost works in a similar fashion and lets you add file signatures to the configuration file for not-so-common file formats, the headers of such files can be found using a hex editor with another file created by the same software as the file your looking for. Photorec is part of Testdisk, install testdisk in a Linux installation and open a terminal (maximized) and type: photorec.
I've used sleuthkit in Linux to print out a list of all deleted files and their starting sectors, I'm sure it can be used to do the same for all files 'deleted or not'. It can be installed in Windows also.

That's one of my occupations, and I don't give up easy. From experience I can safely say: If the drive spins, and the data has not been overwritten.... it can be recovered. It all depends on how bad you want it, because it takes time, and time is money. It boils down to how much you want to pay. "My" data recovery business is as useless as the clients financial situation and/or accuracy of details given in regards to events prior to recovery attempts.