The old saying is if your data isn’t backed up at least twice, it’s not backed up at all. For those not wise enough to heed this adage, there are a number of options available to you if you wish your data to be recovered. Assuming the drive itself is just corrupted somehow (maybe a malicious attack, maybe a user error) and not damaged beyond physical repair, the first step is to connect the drive to another computer. If that fails, it might be time to break out the computer forensics skills.
[Luis]’s guide is focused on Linux-specific drives and recovery tools, so this isn’t necessarily a general-purpose how-to. That being said, there is a lot of information in this guide such as how to mount the target drive’s partitions, how to set up various timelines, and which of the Linux system’s logs are important for the forensic analysis. This specific example in the guide also goes into detail about noticing which of the recent files had been accessed, what they might have done, and different approaches to piecing the mystery of this corrupted drive together.
[Luis] points out that the world of Linux forensics is much different from that of Windows, but for anyone looking to get started he suggests starting with a clean Linux install and going from there. There are many other avenues of digital forensics, as well; the field has as many avenues of exploration as there are different types of computers.
dd_rescue has been a life saver for multiple of my failed drives over the year. Image your HD to a new one using dd_rescue, fsck it and mount loopback. The actual data loss in these cases tends to be relatively minor. I’ve been lucky.
Whoops, ignore that. Wrong post.
Oh, I see what happened here. The HaD article is talking about digital forensics as in “here is how to get data off a failed hard drive”, but the actual article is about “how to do a postmortem on an attacked system and identify the “what” and “how” of the compromise”
“If your data isn’t backed up then it’s not data”. Never heard your “twice” thing before.
Possible reference to the Tower of Hanoi backup schedule?
“Two is one, and one is none” or something like that. I forget where I heard it: somewhere on YouTube.
There are two kinds of people: those who backup their data and those who will backup their data.
It’s pretty obvious that the Hackaday writer has not read the article.
I encode my hd in qr codes and upload them on facebook. Let the professionals worry about backups.
Back it up twice. Redundancy is always good.
But the real message is one backup on site, another off site backup, to take care of the extreme cases, fire, flood, theft…
My 2nd is n a safety deposit box.
Thank you, Luis. Great article!
A real shame that Hackaday doesn’t aggressively promote this. It, and you, deserve much more readership/.