Can I recover a Partition remotely?
 

Hi.
If I mount a remote partition, Can I recover files on it use some tools like testdisk?

Tnx.

So you have corrupted file system. If so use foremost to recover files.

And foremost works on raw partition and not on a mounted filesystem.

While Scalpel and Foremost are good file carvers most people should rather use Photorec instead. (Some people claim to have good results with magicrescue but I haven't tested it.)
Apart from the "raw partition" remark, which is a good one as file checking damaged partitions or mounting it (and have their journal, if any, replayed) should be avoided, I should also remark that:
0) one should also first try to determine the cause of the corruption because if this due to (imminent) hardware failure then creating a backup (also see dd_rescue, ddrescue, dcfldd) should be the first thing to do (after checking one has current, usable backups),
1) one should not act but, regardless of the tool selected, first read the documentation first. For Photorec start at http://www.cgsecurity.org/wiki/PhotoRec_Step_By_Step.

Thank you.
As I said, I want to recover files on a remote partition. For example, in a local network, Mount a Remote partition and recover files on it. I can Visit computer for Local recovery but I'm Curious to know it.

Can you log into the remote machine?
Is that partition still mounted and in use?
Can you install and run software?

I would connect to remote machine and create an exact copy of damaged partition with dd. This copy may be saved locally and mounted as loop device. It is much safer to deal with image than with real hardware. You can create few copies of the image, if something went wrong, you have another copy to start recovery from the beginning. Once your files recovered, you can move them back to remote machine

Can I use "dd" for remote partition? My target use Windows and I can use "smb" to mount it into "/mnt", is it possible to make an image remotely?

---------- Post added 01-20-15 at 11:41 AM ----------

I can use "smb" command to mount the partition and my target use Windows OS. I can install software on it but I don't prefer it.

I doubt you can create image from mounted partition over smb, because smb is a filesystem-level protocol.
You need raw disk access to create exact copy.

It would be simple enough to copy partition over ssh from the server which running Linux:
or by running at server side:
But since you're running Windows at server side, it might require installing Cygwin there to be able to run dd over ssh.
http://www.howtogeek.com/howto/41560...-using-cygwin/

Added:
Though you did mentioned you can access damaged machine directly, this case you could just boot into Linux LiveCD server machine and pass copy to local machine using ssh or copy it to external usb drive directly (without packing into archive).

The problem is that the system is Windows and can't run SSH daemon :(. I want to do it without any special tool.

Windows can run a SSH daemon perfectly but (forensics-wise) you don't want to disturb a "victim" system by installing software. If this is not about forensics then there may be portable, free-to-use versions of SSHd and dd around you could use. Else indeed booting a Live CD (or having somebody overthere boot a Live CD, you're absolutely not clear on the situation) is your best bet IMHO.

Excuse me, I should install dd in Windows too?

If this is about recovery (not forensics), and if you can not or do not want to use a Live CD then yes, you could install 'dd' for Windows. See sourceforge.net/projects/windd/ or www.chrysocome.net/dd or http://www.forensicswiki.org/wiki/Dd or FTK Imager (free to use IIRC).