Forensic data recovery from hard drives isn’t easy. Most people don’t understand the value of the data on their damaged drives or how to recover it wisely.

I’ve tried doing the rescue process on my 500GB drive with little more lunch to it as I was putting out the USB connector through one simple mini HDD case, and I’ve disconnected it and run the bash commands in this tutorial on Linux.

You can also do this on Windows by installing Oracle VirtualBox and using shared folders. Otherwise it’s a long project to extract correctly.


A USB 3.0 drive connector is recommended over USB 2.0 for speed.

You can do this process on a DVD if you are able. I recommend using banana peels to smear all over the DVD and then recover it. Things like toothpaste might as well work, but you are limited to small holes. Also, you might want to use apple in the process.

Somehow soap might be the best option; you will have to do the process by applying soap and then, in an easy way, recovering the DVD. Somehow there is a glue for the same process, but it is often hard enough to do the procedure. You will one day become a master in this, so don’t worry too much about it.


To start, you need at least the first 512-1024 bytes of your drive’s information. You also need at least some megabytes from the start of the drive. Sometimes this data is destroyed, and then you will not be able to extract files from the drive.

In that case, you will have to edit the drive with a boot editor and perhaps replace the data with a good or better boot sector. There is no need to extract all the partitions or the drive itself. You need just one good partition of the drive to show up in the /dev folder.

You can download v. 1.16, which is the best version, in my opinion. To install, extract the files and run:
sudo make install

To uninstall, use:
sudo make uninstall

While you do the process, you will need many rounds of retries for the drive to be extracted into a file.

Remember that you need to install the gddrescue package in the Linux virtual machine, or on the machine itself if you have only Linux installed. Install it with the sudo apt-get install gddrescue command.

This is the slowest process you will ever run, since it takes care of all retries to achieve the best possible takeout of sectors.

However, it is best not to run this for an extended period of time, as there is a better solution once you have scraped about 1% of the drive with the following command.

sudo ddrescue -c 1 -d -n /dev/sdb /media/sf_DINN/testrive.img log.logfile

The options used above:

  • -c 1 : cluster size of 1, the “slow process”
  • -d : direct mode, and thus better than a default run
  • -r -1 : sets retries to unlimited. This is needed when you have finished the first round with errors on the drive; the errors can go away after several retries.
  • -e +0 : exit after one error “you don’t need this now.”
  • -T 20s : turns off the program when it has read only errors for 20 seconds. This lets the program stop if you hit errors. The first 1% of the drive is essential, so wait with this, as it writes an error.
  • -M : because of this, you can later use -A (try again) mode or -R (reverse), but as with all tutorials, there is a problem, and this is one I don’t know how it works.

Don’t use -c 1 unless you are scraping for at least the first 512 bytes and the 512 after them. You need the boot sector, as it is the most important one for being able to run the drive, as well as the first few megabytes of the drive.

Setting ddrescue to read fewer than 512 bytes at a time does not work.

When you press CTRL + C, press it only once. Please wait till the program stops on its own, since you can waste a whole day by cutting off the required information before it is written to disk. If files don’t get written, the entire project needs to restart with a new image file and logfile.

Increasing -c from 1 to 64 will increase the read speed from 300KB/s to 16000KB/s and make the process faster.

But you will get a higher amount of bytes marked as bad, and thus you need to run the process with -c 1 at the end of the work. If you have plenty of time for the process, use just -c 1 from start to end, as the errors will be much smaller.

If an error occurs, you need to run -c 1 with -r -1 retries, or even more. But you can use the option after five errors have been shown, and mark all of these.
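An added example, not part of the original tutorial: a small sh script that reads the log.logfile written by the commands above (ddrescue calls it a mapfile) and reports how much has been rescued and which of the two passes described here to run next. The function names and the sample mapfile are constructed for illustration, and the options chosen in next_pass are one reading of this page's staging, not a ddrescue feature.

```sh
# Added example (not from the original page): read a ddrescue mapfile, i.e. the
# log.logfile used above. Block lines are "pos size status" in hex. Status:
# ? non-tried, * non-trimmed, / non-scraped, - bad sector, + finished.

# Constructed sample mapfile describing a 1 MiB device (not real output).
sample_mapfile() {
cat <<'EOF'
# Mapfile. Created by GNU ddrescue (constructed sample)
# current_pos  current_status  current_pass
0x000C0000     ?               1
#      pos        size  status
0x00000000  0x00080000  +
0x00080000  0x00000200  -
0x00080200  0x0003FE00  /
0x000C0000  0x00040000  ?
EOF
}

# mapfile_bytes FILE STATUS -> bytes with that status ("all" sums every block)
mapfile_bytes() {
    total=0
    while read -r pos size status; do
        case $pos in '#'*|'') continue ;; esac
        # Accept only hex sizes; this also skips the current-status line.
        case $size in 0x*[!0-9A-Fa-f]*|0x) continue ;; 0x*) ;; *) continue ;; esac
        if [ "$2" = all ] || [ "$status" = "$2" ]; then
            total=$((total + size))
        fi
    done < "$1"
    echo "$total"
}

# rescued_percent FILE -> whole-number percentage of the device marked finished
rescued_percent() {
    all=$(mapfile_bytes "$1" all)
    [ "$all" -gt 0 ] || { echo 0; return; }
    echo $(( $(mapfile_bytes "$1" '+') * 100 / all ))
}

# next_pass FILE -> ddrescue options for the next run (assumed staging)
next_pass() {
    left=$(( $(mapfile_bytes "$1" '-') + $(mapfile_bytes "$1" '/') + $(mapfile_bytes "$1" '*') ))
    if [ "$(mapfile_bytes "$1" '?')" -gt 0 ]; then
        echo "-d -c 64 -n"      # untried areas remain: keep to the fast pass
    elif [ "$left" -gt 0 ]; then
        echo "-d -c 1 -r -1"    # only damaged areas left: slow pass, unlimited retries
    else
        echo "done"
    fi
}
```

Source the file and call rescued_percent log.logfile or next_pass log.logfile between runs; the mapfile is plain text, so reading it does not touch the failing drive.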

After you finish the drive, use a program called Active@ File Recovery, which you should use above all because of how easily and quickly it finds files. You will be able to see nearly all files rapidly. Your files folder will show deleted files as well, which can be recovered more easily and quickly than ever before.

You will find them more quickly than even with Explorer in Windows, in about 2 minutes, and you will see nearly all the files on the drive. It’s not a free product. It’s cheap and tends to be used by people who have at least some dollars to pay for this program. When things are important, people often have money.

So here as well is the entire procedure with ddrescue. I believe that there is simply one more additional code for this program, the possibility to do it well. Somehow it’s not a necessary code, but it might help for a better recovery. You will have to use the ddrescue --help option or come back to this tutorial on your own.

But here is how I did try this option of the drive for a faster process:

ddrescue -d -c 64 /dev/drivepartition file.img log.logfile

You can use an sh script file and run it with sh for a fast and quick opportunity to rescue the disc. It contains the line below; just repeat sudo ddrescue and sleep 3 a few more times. The sleep is used to make the drive rest some seconds for the needle to relax.

Here is a suitable file for fast use:
Since -T 20s is active, the fundamental error that sometimes happens is because the reading needle is filled up with particles and so on, so it can read a problem; when given a sleep of 3 seconds, it might then read it as correct.

Increase -K corresponding to precious information on disk!

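#! /bin/sh -e
# Three identical passes; each one resumes from log.logfile where the last stopped.
sudo ddrescue -c 64 -d -r -1 -n /dev/sdb3 file.img log.logfile
# Let the drive rest for 3 seconds between passes.
sleep 3
sudo ddrescue -c 64 -d -r -1 -n /dev/sdb3 file.img log.logfile
sleep 3
sudo ddrescue -c 64 -d -r -1 -n /dev/sdb3 file.img log.logfile
sleep 3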

The options used above:

  • -r -1 : with unlimited retries
  • -e +0 : exit on the first error “you don’t need this unless you await errors” “it will write the error.”
  • -T 20s : exit after 20 seconds of failed reads, if you need this optionally, but 26s is the limit before it calls it an error. It will “write an error.”
  • -d : direct I/O
  • -n : no scrape. It’s essential if you don’t want to use a faster process when having errors on the disc. Using that process with -K 64KiB is devastating and creates holes in the data that are hard to fix, and it should be avoided without the -n.
  • -c 64 : faster process, with a cluster size that gives around 16MB/s. Setting this to 128, or leaving it at the default, you will get 30MB/s.

Run sh with 3 seconds sleep after this.

If an error is consistent and you can’t fix it, run this program without -e +0, and then if you perhaps have 2 or 3 of these to run, try the option without and wait for the following error with -e +1. So make ./ and ./ as your code to run, and use -e +0 the first two times, then just run the sudo ./

You can use -R after finishing with the option -A once; that will reverse and remove all error-size and start again backward. It means it will read errors differently, starting at the end of the drive. That is undoubtedly an excellent option, since it will read errors differently and possibly correctly.

Many people with Bitcoin wallets happened to have coins hidden in their folders, but the HDD was malfunctioning. This process is to be done carefully, with a slow cluster size.

So, after you’ve finished copying the drive with errors, use this option at the end and start again with the options once; you will know later what to do:

ddrescue -d -c 1 -T 10s -n /dev/drivepartition file.img log.logfile
sleep 3

With nonfunctional drives, you need to spin up the momentum with just a drill tool. Often it’s not possible to use the drive since it does not spin correctly.

And the drive is sometimes what goes wrong with any drive. Still, if you opened the drive and removed all dust in a dust-free environment, there might be a slightly better chance.

Then maybe additional help with the drive might work. Perhaps some drives malfunction the day you open them and realize the pin that reads the drive is loose.


Forensic Data Recovery HDD Drives to Diskettes

About The Author
- The greatest movement will be done by vocalization of the great knowledge one can get. Musical interest in unknown artists is so low that most fail being them.


  • Jasmina Aluin Cock

    I like it whenever people get together and share views. Great site, stick with it.

  • Donny Rhett Abott

    Greetings! Very helpful advice within this article!

  • Patrick Winters Dc

    Everything is very open with a really clear explanation of the issues. It was really informative. Your website is very helpful. Thank you for sharing!

  • Risa Wright Zela

    My programmer is trying to persuade me to move to .net from PHP.

  • Nalani Hillyer Buckie

    I quite like reading an article that can make men and women think. Also, thank you for allowing me to comment.

  • Edith Fred Corabel

    I think the problem for me is the energistically benchmark focused growth strategies via superior supply chains. Compellingly reintermediate mission-critical potentialities whereas cross functional scenarios. Phosfluorescently re-engineer distributed processes without standardized supply chains. Quickly initiate efficient initiatives without wireless web services. Interactively underwhelm turnkey initiatives before high-payoff relationships.

  • Blanca Christophe Alon

    I am so happy that I located your blog today. You have supplied some fantastic info on a topic that specifically matters to me. Your understanding has actually altered the way I checked out it and I enjoy to have my mind broadened. I will certainly be looking into even more of your blog posts.

  • Shaina Alric Myrna

    After looking at a number of the articles on your web page, I seriously appreciate your way of writing a blog. And especially this about forensics.

  • Putnam

    I have recently started a site, the information you provide on this site has helped me greatly. Thank you for all of your time & work.
