recover lost partitions and hard disk data guide
DESCRIPTION
Recover Lost Partitions and Hard Disk DataTRANSCRIPT
Using Ubuntu Live Disk To Permanently Delete Hard Disk
Earlier, we showed you how to create a persistent Ubuntu Live media disk, and use it to reset Windows 7 admin and standard user account password and clone hard disk partitions disk via dd tool. Ubuntu provides a multitde of options to securely wipe the data without leaving any chances of recovering it back. Before you start, make sure that you’ve backed up all your important data to external hard disk. First, create an Ubuntu Live CD by following steps mentioned here. Once done, reboot your system, and set Removable USB hard disk as first boot option from BIOS menu, which can be accessed by pressing Del, F2, F10, F9 or other system-defined key. Once boot priority is changed, plug-in Ubuntu Live media disk, save changes made to BIOS, and then reboot the system. It will take you to Ubuntu boot menu, select Run Ubuntu from this USB option to load Ubuntu OS.
Ubuntu has a built-in CLI-based shred tool that requires just the path of file that you want to securely delete from the system. The shred command comes useful in instances where you want to selectively perform permanent file deletion operations. To find out more about shred command, check out our guide here.
In order to perform secure wipe operation over an entire disk or hard disk partitions, we recommend using wipe tool. Ubuntu doesn’t come with this tool installed, but you can download it by enabling community-maintained open source repository option in Synaptic Package Manager. To do so, click System on panel, and select Synaptic Package Manager from Administration menu.
It will open Ubuntu default package manager. Now, click Settings menu to select Repositories.
In this step, select Community-maintained Open Source software (universe) option, and the click close.
Now click Reload on toolbar to start downloading open source repository list.
Once the repository list is updated, use search bar present in top-right corner to find wipe tool.
Now, right-click wipe tool in main window, select Mark for Installation, and then hit Apply on toolbar.
This will open Summary dialog box, which helps you verify the changes you’re making to repository; expand To be installed list to view the tools lined up for installation. Clicking Apply will start the installation process.
Once the wipe tool is installed, close Synaptic Package Manager. Now, you need to mount the disk that you want to securely wipe. Open Places menu from panel, and select primary hard disk from the list to mount it. Once mounted, open Terminal from Applications –> Accessories menu.
In Terminal window, navigate to media, and then list down mounted drives using cd /media and ls commands. Now navigate to mounted hard drive using following command.
cd <hard disk identifier>
You can use sudo fdisk –l command or Disk Utility (accessible from Administration menu) to list down and identify the hard disk partitions that you want to wipe.
In Disk Utility (which is accessible from System –> Administration menu), select your primary hard disk from left sidebar, and then select the partition from main window to view the disk identifier and other attributes such as total disk capacity, partition identifier, partition type etc. Note down the device identifier and move to Terminal window.
The wipe tool requires disk identifier to perform the wipe operation. The syntax to securely wipe the data via wipe tool is as follows:
sudo wipe <disk identidfer>
If you for instance want to wipe /dev/sda5, enter sudo wipe /dev/sda5 command. It will ask you to confirm the wipe operation. Type ‘Yes’ and then hit enter to begin the disk wiping operation.
The time it takes to completely wipe the disk depends upon the size of disk. Once finished, mount the disk again to verify the disk wipe operation. Apart from permanently deleting the data, wipe command fills the disk with random data. To quickly wipe the disk, you could use –q switch to instantly perform the operation. The –q switch makes 4 passes on each file residing in specified location. However, if you want to specify the number of passes, use the –Q switch. Furthermore, if you’re a wiping data from a specific location, you can use –r switch to include sub-directories present within the root folder. The –f switch forcibly performs the disk wipe operation. It must be noted that –f doesn’t prompt you to confirm the action, so you need to make sure that you’ve specified the correct device identifier to prevent loss of important data.
In our guide to clone hard disk, we used dd command to perform low-level copy operations. The dd command can also be used to write random data and zeros to the specified disk. This ensures that data recovery application will not be able to recover deleted data from the disk. To begin, open Terminal and navigate to media, and enter the following command to fill disk with zeroes.
sudo dd if=/dev/zero of=/dev/<disk identifier> bs=8M
Using DBAN To Wipe Out The Hard Drive & Removable Media
DBAN (Darik’s Boot And Nuke) is an open source disk wiping application that ensures secure and permanent data deletion. The application comes in ISO format, which has to be burnt to CD/DVD for performing the disk wipe operations. Supporting 6 staunch disk wipe algorithms, the application lets you specify the deletion rounds to ensure permanent removal. Usage is simple, download DBAN (link given at the bottom of the post). Once downloaded, insert a writeable CD/DVD into CD/DVD drive. Now, right-click the downloaded ISO file and select Burn disc Image.
This will open Windows native Disc Image Burner. Now all you need to burn ISO to disc to specify the CD Drive letter and then click Burn.
Once done, reboot your system into BIOS menu by pressing system-defined key at system startup. Now you need to change the boot priority. Navigate to boot menu and set CD/DVD ROM as first boot option. Once done, save the changes made to BIOS and restart you PC. It will take you to Darik’s Boot and Nuke menu. The DBAN allows you to wipe the disk via 3 modes, including manual, automatic and interactive modes. Since Interactive mode lets you easily specify the disk
wiping attributes, press Enter on boot prompt to launch interactive mode.
Upon pressing enter, it will start finding all the installed and external storage mediums. Once all disks are identified, it will list them down on main screen, letting you specify disk wipe method & number of rounds.
You can select the disk wipe method by pressing ‘M’ on keyboard. It supports a total of 6 methods including Quick Erase, RCMP TSSIT, DoD Short Gutmann Wipe and PRNG Stream. Use J and K keys to navigate between the available methods. Pressing Enter selects the method and takes you back to main window.
To specify disk wipe rounds, press R on main window (interactive mode) and specify the number of rounds you want to pass for destroying data on disk, and then press Enter to get to main screen.
Once you’ve specified disk wiping attributes, press space to select the disk followed by F10 to begin the permanent disk erasing operation.
Using Ubuntu Live Disk To Permanently Delete Hard Disk
Earlier, we showed you how to create a persistent Ubuntu Live media disk, and use it to reset Windows 7 admin and standard user account password and clone hard disk partitions disk via dd tool. Ubuntu provides a multitde of options to securely wipe the data without leaving any chances of recovering it back. Before you start, make sure that you’ve backed up all your important data to external hard disk. First, create an Ubuntu Live CD by following steps mentioned here. Once done, reboot your system, and set Removable USB hard disk as first boot option from BIOS menu, which can be accessed by pressing Del, F2, F10, F9 or other system-defined key. Once boot priority is changed, plug-in Ubuntu Live media disk, save changes made to BIOS, and then reboot the system. It will take you to Ubuntu boot menu, select Run Ubuntu from this USB option to load Ubuntu OS.
Ubuntu has a built-in CLI-based shred tool that requires just the path of file that you want to securely delete from the system. The shred command comes useful in instances where you want to selectively perform permanent file deletion operations. To find out more about shred command, check out our guide here.
In order to perform secure wipe operation over an entire disk or hard disk partitions, we recommend using wipe tool. Ubuntu doesn’t come with this tool installed, but you can download it by enabling community-maintained open source repository option in Synaptic Package Manager. To do so, click
System on panel, and select Synaptic Package Manager from Administration menu.
It will open Ubuntu default package manager. Now, click Settings menu to select Repositories.
In this step, select Community-maintained Open Source software (universe) option, and the click close.
Now click Reload on toolbar to start downloading open source repository list.
Once the repository list is updated, use search bar present in top-right corner to find wipe tool.
Now, right-click wipe tool in main window, select Mark for Installation, and then hit Apply on toolbar.
This will open Summary dialog box, which helps you verify the changes you’re making to repository; expand To be installed list to view the tools lined up for installation. Clicking Apply will start the installation process.
Once the wipe tool is installed, close Synaptic Package Manager. Now, you need to mount the disk that you want to securely wipe. Open Places menu from panel, and select primary hard disk from the list to mount it. Once mounted, open Terminal from Applications –> Accessories menu.
In Terminal window, navigate to media, and then list down mounted drives using cd /media and ls commands. Now navigate to mounted hard drive using following command.
cd <hard disk identifier>
You can use sudo fdisk –l command or Disk Utility (accessible from Administration menu) to list down and identify the hard disk partitions that you want to wipe.
In Disk Utility (which is accessible from System –> Administration menu), select your primary hard disk from left sidebar, and then select the partition from main window to view the disk identifier and other attributes such as total disk capacity, partition identifier, partition type etc. Note down the device identifier and move to Terminal window.
The wipe tool requires disk identifier to perform the wipe operation. The syntax to securely wipe the data via wipe tool is as follows:
sudo wipe <disk identidfer>
If you for instance want to wipe /dev/sda5, enter sudo wipe /dev/sda5 command. It will ask you to confirm the wipe operation. Type ‘Yes’ and then hit enter to begin the disk wiping operation.
The time it takes to completely wipe the disk depends upon the size of disk. Once finished, mount the disk again to verify the disk wipe operation. Apart from permanently deleting the data, wipe command fills the disk with random data. To quickly wipe the disk, you could use –q switch to instantly perform the operation. The –q switch makes 4 passes on each file residing in specified location. However, if you want to specify the number of passes, use the –Q switch. Furthermore, if you’re a wiping data from a specific location, you can use –r switch to include sub-directories present within the root folder. The –f switch forcibly performs the disk wipe operation. It must be noted that –f doesn’t prompt you to confirm the action, so you need to make sure that you’ve specified the correct device identifier to prevent loss of important data.
In our guide to clone hard disk, we used dd command to perform low-level copy operations. The dd command can also be used to write random data and zeros to the specified disk. This ensures that data recovery application will not be able to recover deleted data from the disk. To begin, open Terminal and navigate to media, and enter the following command to fill disk with zeroes.
sudo dd if=/dev/zero of=/dev/<disk identifier> bs=8M
Using DBAN To Wipe Out The Hard Drive & Removable Media
DBAN (Darik’s Boot And Nuke) is an open source disk wiping application that ensures secure and permanent data deletion. The application comes in ISO format, which has to be burnt to CD/DVD for performing the disk wipe operations. Supporting 6 staunch disk wipe algorithms, the application lets you specify the deletion rounds to ensure permanent removal. Usage is simple, download DBAN (link given at the bottom of the post). Once downloaded, insert a writeable CD/DVD into CD/DVD drive. Now, right-click the downloaded ISO file and select Burn disc Image.
This will open Windows native Disc Image Burner. Now all you need to burn ISO to disc to specify the CD Drive letter and then click Burn.
Once done, reboot your system into BIOS menu by pressing system-defined key at system startup. Now you need to change the boot priority. Navigate to boot menu and set CD/DVD ROM as first boot option. Once done, save the changes made to BIOS and restart you PC. It will take you to Darik’s Boot and Nuke menu. The DBAN allows you to wipe the disk via 3 modes, including manual, automatic and interactive modes. Since Interactive mode lets you easily specify the disk
wiping attributes, press Enter on boot prompt to launch interactive mode.
Upon pressing enter, it will start finding all the installed and external storage mediums. Once all disks are identified, it will list them down on main screen, letting you specify disk wipe method & number of rounds.
You can select the disk wipe method by pressing ‘M’ on keyboard. It supports a total of 6 methods including Quick Erase, RCMP TSSIT, DoD Short Gutmann Wipe and PRNG Stream. Use J and K keys to navigate between the available methods. Pressing Enter selects the method and takes you back to main window.
To specify disk wipe rounds, press R on main window (interactive mode) and specify the number of rounds you want to pass for destroying data on disk, and then press Enter to get to main screen.
Once you’ve specified disk wiping attributes, press space to select the disk followed by F10 to begin the permanent disk erasing operation.
Using Ubuntu Live Disk
Last week, we showed you how to create persistent Ubuntu Live USB, and use if for changing Windows 7 administrator and standard user account password. You can follow the steps for creating Ubuntu Live CD from said guide to recover data from hard disk and external storage mediums. Once created, reboot your system into BIOS menu by pressing ESC, F2, F10, F9 or other system defined key, and set external hard disk/USB as first boot option from boot menu. Once boot priority is changed, save changes made to BIOS and restart your PC. It will take you to Ubuntu Live boot menu, select Run Ubuntu from this USB option to load Ubuntu OS.
Ubuntu doesn’t come with TestDisk and Foremost tools, but you can download and install them by enabling community maintained open source software option in Synaptic Package Manager. This will download the list of open source software, so that you can easily find and install third-party applications. To begin, open Synaptic Package Manager from Administration menu, which is accessible from System menu.
From Settings menu, select Repositories.
This will open Software Source dialog, letting you enable an option to download open source software list. Under Ubuntu Software tab, enable Community-maintained Open Source (universe) option, and click Close.
Now, hit Reload to refresh the repository list.
It will start downloading the open source package list.
After the list is downloaded, it will start rebuilding search index. Once refreshed, type testdisk in Quick search, and hit enter. Now, right-click testdisk and select Mark for Installation.
Now, click Apply on toolbar to download testdisk. Similarly you can download and install Foremost tool; just enter the Foremost in Quick Search, right-click it to select Mark for Installation and apply the changes.
Once tools are installed, close the Synaptic Package Manager. Since TestDisk and Foremost are console applications, you need to open Terminal from Accessories menu (accessible from Applications menu) to use them.
While TestDisk is a widely-used specialized tool for repairing lost partitions, it has the ability to list down and recover deleted data from primary and removable hard disks. To begin, enter following command to run the tool.
sudo testdisk
When you run the tool, it will ask you to create a log file to save the recovery processes issues and errors. Just press Enter to create a log file, and to move to next step.
It will start finding internal hard disk and all attached removable drives. Once disk scanning is finished, select the disk that is to be scanned for recoverable data and lost partitions.
Now, you need to specify the drive partition table type from the list, which includes Intel, EFI GPT, XBox, Sun, and Mac. In our case, it’s Intel, so we will select Intel.
You will find TestDisk features in next step including Analyze, Advance (include Filesystem Utils), Geometry, MBR Code and more. Just select Analyze to analyze the partition structure and search for lost partitions.
It will first analyze partition structure and then list down lost partition(s). However, if it fails to find partitions, enter Quick Search.
After Quick and Deep search, TestDisk will be able to find the partition. It lets the user specify the partition characteristics. You can press P to make it Primary, L to Logical, E to Extended and D to Deleted, or A to add a partition. Now all you need is to press Enter to recover the partition. It will take you to main menu, where you can select Write and hit Enter. It will ask you to reboot the system to repair the lost partition of specified disk.
If you want to selectively view and recover deleted files, enter P to view all the lost files. The deleted files are shown in red color, while items in white represents current data. It shows files and folders at root location; you can change the directory by pressing R on keyboard, and then select the files/folders you wish to recover.
Recovering files and folders is easy. Select the folder/file, you want to recover, and press C. It will ask you to specify the output location where files are to be recovered. Just move to the location and
press Y to begin copying item to specified location. However, if you want to explore a folder to, let’s say, copy data to Desktop/Recovered Data folder, move to Desktop location in the list and then press Enter, it will open the Desktop folder. Now, move to Recovered Data folder and press Y to copy the deleted item to it.
The time it takes to fully recover the data depends upon the size of selected file/folder. When done, you will see Copy done! message above the list of deleted files. Similarly, you can selectively recover deleted files and folders from primary hard disks and removable drives.
Like TestDisk, the Foremost console application supports a number of file systems including EXT3, NTFS and FAT. The application was specifically designed to recover data from image of the drive. It’s recommended to first create a directory in disk where recovered files are to be stored; mount the disk and navigate to location where you want to create a folder using following commands in Terminal.
cd /media
ls
cd <disk identifier of volume>
sudo mkdir <folder name>
Once created, enter following command to begin recovering data from specified disk to newly created folder.
sudo foremost – i /dev/<identifier of disk which is to be recovered> –o /<folder name>
The standard procedure for recovering data through foremost includes –i and –o switches, which recover all the data on the specified disk to defined folder. However, if you want to specify the types of files that are to be covered, you can use –t switch. The syntax of foremost command with –t switch is as follows.
sudo foremost –t <file extension> –I/dev/<identifier of disk which is to be recovered> –o /<folder name>
Using Hiren’s Boot CD
Hiren’s Boot CD includes all the essentials tools and system formatting utilities to help you fix numerous types of PC issues, including corrupt boot sector, hard disk boot problems, invalid/corrupt Master Boot Record, registry discrepancies and more. Since it’s a Boot CD, it doesn’t require you to boot up the system with installed OS, and use the included system diagnostics packages. All you need is to burn the Hiren’s Boot CD ISO image to disc to run system performance and diagnostic utilities in an isolated and completely independent environment. To get started, download Hiren’s Boot CD ISO image (link given at the bottom of the post). Now, right-click Hiren’s Boot CD image file and select Burn disc image.
This will open Windows native Disc Image Burner. Now all you need is to burn ISO to disc to specify the CD Drive and then click Burn. Once the image is burned to disc, reboot your system into BIOS menu by pressing system defined key at system startup. Now, move to boot menu and set CD/DVD ROM as first boot menu. Once changed, reboot your system to access Hiren’s Boot CD system diagnostics menu.
If the hard disk has bad sectors, you need to run HDAT2 to identify and repair bad sectors. You will find all the hard disk related issues under Dos Programs –> Hard Disk Tools.
As mentioned earlier, Boot Hiren’s CD includes recovery tools namely TestDisk and PhotoRec. You will find these tools in Dos Programs –>Recovery Tools menu.
The PhotoRec is quite similar to TestDisk as far as usage is concerned. It’s considered as one of the most powerful data recovery application, as it ignores file system and starts searching the lost data (video images, archive containers etc). According to PhotoRec developer, it can recover data even if your media is severely damaged or formatted. It also searches for disk partitions, and lets you recover files from both only free unallocated space and full (free+used) disk space.
Since Hiren’s Boot Image in loaded from CD/DVD, the TestDisk will relatively take more time in searching, analyzing and recovering data, than running with Ubuntu Live Disk.