ddrescue and moving files help
 

so i had to recover a bad drive, i used ddrescue in ubuntu. of a possible 114 gigs it recovered almost all with the exception of 7mb. well, now there is a 114gb .img file in on a ext3 partition that i also have copied to a ntfs drive so i have access to it in vista. but for the life of me i cant mount the .img file in either ubuntu or vista, i have tried EVERYTHING, winrar, magiciso, daemon tools in vista and the loop trick in ubuntu. can someone please help, its 114 gigs worth of mp3's i just want them =(

edit: to give some more info that might be helpful, the image is called "rescue.img" and its located in /media/linux_backup/rescue.img and its about 114GB, i tried doing this command

sudo mount -t iso9660 -o loop /media/linux_backup/rescue.img /mnt/rescue

but it gives me this error

mount: wrong fs type, bad option, bad superblock on /dev/loop1,
missing codepage or other error
In some cases useful info is found in syslog - try
dmesg | tail or so

so this is the message i get from dmesg | tail

[17179616.380000] eth0: no IPv6 routers present
[17179617.668000] usb 2-2.2: USB disconnect, address 7
[17179617.800000] usb 2-2.3: USB disconnect, address 9
[17184555.396000] loop: loaded (max 8 devices)
[17184555.508000] NTFS driver 2.1.27 [Flags: R/O MODULE].
[17184555.540000] NTFS volume version 3.1.
[17184865.856000] agpgart: Found an AGP 3.0 compliant device at 0000:00:00.0.
[17184865.856000] agpgart: Putting AGP V3 device at 0000:00:00.0 into 8x mode
[17184865.856000] agpgart: Putting AGP V3 device at 0000:01:00.0 into 8x mode
[17185252.028000] Unable to identify CD-ROM format.


update: when trying to replace iso9660 with ntfs when mounting i get this error when trying to access /mnt/rescue

You do not have the permissions necessary to view the contents of "rescue"

new update: i tried to do a "sudo ls /mnt/rescue" it actually lists my directories

so i tried to do a "sudo cp /mnt/rescue/folder /media/new (which is a ntfs drive with ntfs-3g) and i get this error
cp: cannot stat `/mnt/rescue/gaming.music': Input/output error

also tried 'sudo cp -r' command and it recovered 1 15mb folder.

i will appreciate anyhelp.

You and I are in the same boat
Except mine has a leak.
What you are looking for is a application called Foremost that can be got from here (pardon my french):

http://foremost.sourceforge.net/

Or you may be able to install it from Ubuntu repositories, I'm going to try the tar source because I kept getting errors with the older version 1.1 that comes with Mandriva 2007. Any way, there's allot of reading to figure out how to use it but it is meant to do exactly what you need to do. Mount a dd image to recover files. I thought I had a big collection of mp3's with upwards of 25MB. Also, here is a useful thread, maybe:

http://www.linuxquestions.org/questi...d.php?t=417651

And another useful page:

http://www.forensicswiki.org/wiki/To...#Data_Recovery

The reason I say my boat is sinking, is because I don't have enough room to make an image like you, so I have to work right off the drive, which Foremost can do also, and it is a USB drive.

Best of luck, keep in touch, report your success, might help me recover lost customer data on my USB. If I don't recover it, I'll have to give them a rain check on another clean up job. Which is not a big deal, it's just that I hate giving a customer bad news, hurts the business.

i will definetly try foremost, can you give me an example of how it is used in terminal if my image is '/media/linux_backup/rescue.img' thanks!

Like I said, we are in the same boat, I'm looking for those same answers. :D

I was having Segmentation faults errors with both the Mandriva repo version1.1, and installed the tar source 1.4 in a second (playground) copy of Fedora. So I just finished re-arranging things on my HDD and made a 94GB dd image of the USB drive's partition with the data I need. Now it's time to play, as soon as I can get anywhere, I'll let you know. I'ts kind of a tough one, some say you have to use the foremost.conf file, some say not.
????:scratch:
Maybe I have to move over to my 32bit Mandrake to avoid those errors.???:scratch:

yea i also read you have to make changes to the foremost.conf. well im playing with the knoppix-std.iso now and ill keep you posted, guess you do the same, we'll help eachother =)

Well, so far I've done a few scans but not much come out of it, the .jpg images retrieved are not readable. It could be because I made a dd image of a Fat32 partition on a ext3 partition or did not use the right dd command in making the image, trying different things. Right now I made an exact same size partition and did not format it and am now doing an exact dd copy rather than an image.
But basically what I did is un-comment one of the .jpg entries in /usr/local/etc/foremost.conf where it was installed on mine, the example below is only a small part of the foremost.conf file:

I removed the hash (#). When I do all thre .jpg entries I got a ridiculously large folder that plugged my system, and I know I don't have much more than 1GB of .jpg photos.
So my image was on a ext3 partition /dev/sda4 called /mnt/win, the image is called "vault.img", and to put the retrieved files in /home/user/ I issued this command:

The -i is the input location/file and the -o is the output, the "recover" folder was automatically created by foremost. Earlier I was trying to include the file types in my command which gave me the Segmentation faults as I understood in the documentation you can do, but apparently it goes strictly with the foremost.conf file.
I did not see an entry for .mp3 in the foremost.conf but have read on the net that some people have done it, going to have to Google that one, once I'm finished going after what I want, I'll play around with the .mp3 side and let you know if you don't find out first and tell me.

EDIT: For some reason I can't get foremost to read directly off the USB drive, it just seems to hang there.

SECOND EDIT: Upon further investigation, in the foremost.conf for this 1.4 version does have 5 entries for mp3, and it appears foremost still hangs trying to read data in a partition that is not an image file. Going to have to try other commands.

great, i am going to give this a try. i tried dd cp from the image also, and no luck, it really screwed up my system so i had to format the partition again. im going to try the method you are trying also. report back with your friends, together we will overcome our obstacles! =P

Well
I moved over to my Mandrake 10.2 32bit OS, I downloaded and installed the foremost 1.1 version via the link Soren provided in the thread link in my first post. I plugged the USB hard drive in because Mandrake could not see the Data partition that was now a dd copy of the USB, different size of partition, so I avoided editing things and read the USB hard drive instead. I issued this command using Soren's as an example with one .jpg entry of the foremost.conf file which was installed in /usr/local/etc again:

This is what happened to my customers pictures.
I copied all there data into my external USB drive, wiped out their hard drive (write 0,s), re-build and updated the OS. Then I went against protocol, because their data was only about 26MB, I opted to move the folders back into their computer instead of protocol which is to copy them over and delete the ones on my USB after delivery. Something went wrong and I deleted the folder on their computer forgetting that I chose "Move" instead of "Copy", when I went to copy again I freaked, wanted to slap my self in the side of the head but held back. So un-delete software could not retrieve them because they were not deleted, they were moved.

After running that command, I got 33651 jpg photos, most all readable, and most important, I see the customer's faces in allot of them, they are just little thumb nail photos so they must have had them in some sort of slide show or something. Will have to call tomorrow and ask, maybe I can pull out the slide show or movies in one piece.

So I'm not sure if it was the 64 bit OS's that gave me bad results or if it is the foremost 1.1 version that worked, non the less, I'll keep digging with Mandrake 32 bit.

Things are looking good here, going for .doc next.

Also, I'm thinking maybe the dd image file should have been mounted similar to mounting an ISO, in a loop somehow, maybe that's why I got un-readable data off it, but not likely as it seems there was just as many photos pulled out with both tries.

EDIT: Forgot to let Mandrake see the data partition through my Boot Manager after making the changes, now things are going faster working off the dd copy on the local drive.

so i ran this

foremost -v -T -t jpg bmp jpg mp3 /media/linux_backup/rescue.img -o /media/New/mp3

and it seems to have recovered all the pictures, but the mp3's it receovered were all like 7mb or 2mb and none of them would play, they all had errors.

any ideas?

In your case, I would try to do as I did and make a partition exact same size as the bad one and transfer over from the old drive, may need to find HDD real estate for that as I would not get rid of the image. By doing it that way your data will be accessible on a good drive.


Or.... make a partition the same size as the original and un-pack the image into it and whatever data that is usuable can be accessed either from a running copy of the original operating system or the preferred method: add the partition to the current operating system as a data partition.

You probably already know about Awesome's dd thread which is good reference on how to do that, but I'll drop the link here for others dropping in on this thread.

http://www.linuxquestions.org/questi...d.php?t=362506