Recover data from hidden partition

Networking/Security Forums -> Computer Forensics and Incident Response

Author: rosachs PostPosted: Tue Mar 10, 2009 11:31 pm    Post subject: Recover data from hidden partition
    ----
Good Day!

I tried using Acronis true image to create a secure zone hidden on my Vista laptop (ACER 7520-5185) ....but after re-starting, my C drive has vanished!...the system hangs at a blinking cursor & will not boot to OS.....then downloaded/burnt Acronis disk director demo/recue media & booted from it. It shows my C drive as having "File system: none", 0x6 FAT16.

My Data D drive(extended partition) shows up as NTFS, & is visible but no OS on it. Is this situation salvageable? I have not formatted C drive, so can I recover my data from it somehow although it shows "no file system". Which are the better programs out there to do this?

Thanks a lot in advance.

Author: rlongLocation: Vancouver, Canada PostPosted: Thu Mar 12, 2009 7:30 pm    Post subject:
    ----
rosachs,

Where did you try to create the hidden zone, C or D? Did you get any error messages or instability prior to restarting?

The first thing I would do is create a backup image of the entire disk (before using Acronis in the first place). However, I would still suggest making one now to ensure that any attempts at fixing do not mangle things further and decrease your chances of recovery. I prefer to use a Knoppix LiveCD for this but there are many other tools.

To create the image, boot from the LiveCD, connect an external HDD that will hold the image. The external drive should be mounted and the laptop drive should be unmounted. You can confirm/change these settings by right clicking the respective desktop icons. You may also have to make the external drive writable, also by right clicking. Then open a terminal window and type
Code:
sudo -i
dd if=/dev//sda of=/mnt/sdb1/backup_img.dd

*Remove the second '/' after dev*
This may take a while but will make a complete image of the laptop drive which will include all data inside and outside of partitions. Once this is done, while still logged in as root, I would run
Code:
gparted

and see what it says about your partitions, filesystems, etc. It should also be possible to retrieve many or all of the files from the mangled partition by mounting the .dd image. There are plenty of tutorials on how to do this. After retrieving the files you want you could simply format the partition and reinstall the OS. Let me know how it pans out!



Networking/Security Forums -> Computer Forensics and Incident Response


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group