How Linux makes data recovery easy

Recovering data isn't something any IT pro wants to face. But when the occasion arises, you'll be glad Linux is around to give you a hand.

Data recovery: The process of salvaging data from a computer when the device housing said data is inaccessible. 

It's something no IT pro ever wants to have to deal with, especially within a data center. Why? Because data recovery could mean data loss, and the implications surrounding data loss are many:

  • Lost revenue

  • Lost documentation

  • Lost contacts

  • Lost proprietary information

  • Lost client information

  • Lost time

  • Lost confidence

The list goes on and on. In the end, when something goes wrong with a system (viruses, failing hardware, corrupt or broken operating system, etc.), it's on you to recover the precious data saved to that local drive. This could be on a desktop or a server, an end user's machine, or the system housing your company database/web/cloud.

The truth of the matter is, it's not a matter of "if," but "when" you're going to wind up having to recover data. Although the cloud has made this a bit less daunting (with the ability to sync your data to cloud servers using little effort), you can't always count on the cloud and, in some cases, you might have data you don't want hosted on a third-party server.

So when you are tasked with recovering data, where do you turn?

For many, the answer is Linux.

But how can one operating system make the recovery of data from another even possible? You'd be surprised at just how easily this can be done. So long as a hard drive hasn't catastrophically failed (at which point you'd be either sending that data off to a forensics specialist or accepting defeat), you can recover that data without too much hassle.

Let me explain.

Welcome to the Live distribution

One area where Linux has shined for years is the ability to test out a Linux distribution before it's installed. This is done by way of what's called a Live distribution. How this works is simple: When you boot up a Live distribution (which most modern Linux distributions are), you'll see something akin to what Ubuntu offers (Figure A).

Figure A

The Ubuntu Desktop Linux installer makes it easy to start a Live instance.

By clicking Try Ubuntu, you launch a live instance of the operating system. What does this mean? A live instance runs completely in the system's RAM, so nothing's changed on the hard drive of the machine. In other words, if that machine has Windows installed on the local drive, Windows will still be there, only not running. 

This is where things get very helpful.

Live instances give you access to all of the tools available on the Linux operating system, as though it were installed on the drive. That means you can mount directories and copy files. 

See where this is going? If not, let me explain.

The process of recovering data using Linux

Let's say you have a Windows 10 machine that, for whatever reason, will no longer boot. You've tested the hard drive and nothing is coming up wrong, so the issue is either the motherboard or Windows itself. 

And there's data that you must have on that internal drive.

To recover that data, you burn a Linux distribution onto a flash drive (using a tool like Unetbootin), insert the flash drive into the system in question, and boot from the flash drive. When prompted, click Try Ubuntu (or whatever nomenclature your distribution of choice uses). Once the live instance is up and running, you then must locate the drive in question, which can be found with the command:

sudo sfdisk -l

This command will print out a list of all drives attached to the machine (Figure B).

Figure B

Finding the location of the drive housing the inaccessible data.

As you can see, in Linux, drives are labeled in the form of /dev/sdX (where X is a letter). This is where things can get a bit tricky, especially if you have multiple drives attached to the unbootable machine. If there's only one drive, chances are good it'll be labeled /dev/sda. If there's more than one drive, you'll probably have to take the time to mount each of the drives until you find the data in question.

Mounting a drive means attaching its file system to a directory, so the data is accessible. Let's do that.

First open a terminal window and create a temporary directory with the command:

sudo mkdir /data

With the directory in place, we can mount the drive to it. Let's assume the drive is an NTFS file system, found on /dev/sdb. To mount this drive to our newly created directory, we'd issue a command like:

sudo mount -t ntfs-3g /dev/sdb1 /data -o force

Why the 1? Because, most likely, your data is housed on the first partition--unless the drive was partitioned differently. For this, you might have to use a bit of trial and error, such as:

sudo mount -t ntfs-3g /dev/sdb /data -o force

or 

sudo mount -t ntfs-3g /dev/sdb2 /data -o force

Eventually, you'll succeed in mounting the Windows drive, which means all of the data it contains will be found in the newly created /data directory. You can either use the command line or the file manager to navigate into that directory. You should then see folders such as:

  • Documents and Settings

  • Program Files

  • System Volume Information

  • WINDOWS

What to do with that data?

Once you have located the folder housing your data from the Windows drive, you can easily copy it. To do that, plug in another USB drive (leaving the one with the Live distribution in place) and click on the entry in the left pane of the file manager to mount that drive (Figure C). 

Figure C

A USB drive in the Nautilus file manager.

Navigate to the folder housing the data to be copied (say it's named client_data) and right-click the folder in question. Select Copy from the menu (Figure D).

Figure D

Copying the client_data folder housed in the WINDOWS directory.

Once the data finishes copying, navigate to the newly attached USB drive in the file manager, right-click somewhere in the right pane, and select Paste (Figure E). 

Figure E

Pasting the data from the inaccessible drive to a USB drive.

When the data has finished pasting, you can then unmount the USB drive containing the copied data by clicking the upward-pointing arrow associated with the drive in the left pane of the file manager.

Congratulations, you just recovered data from an inaccessible Windows drive using Linux. Copy that data to a working machine and you're back up and running.
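
The mount-and-copy procedure above can also be done from the terminal with two safeguards a recovery job benefits from: a read-only mount, so the live session cannot alter the source drive, and a SHA-256 check of every copied file. This is an added example, not part of the original article; the function names, the /media/ubuntu/USB destination and the use of lsblk are assumptions.

```sh
#!/bin/sh
# Added example: helper names and paths are assumptions, not from the article.

# Filter `lsblk -rpno NAME,FSTYPE` output (on stdin) down to NTFS partitions,
# replacing the trial-and-error search through /dev/sdX devices.
ntfs_partitions() {
    awk '$2 == "ntfs" { print $1 }'
}

# Mount a partition read-only so the source drive is never written to.
# usage: mount_readonly /dev/sdb1 /data
mount_readonly() {
    sudo mkdir -p "$2" && sudo mount -t ntfs-3g -o ro "$1" "$2"
}

# Check every file under a directory against a SHA-256 manifest.
# The manifest path must be absolute, because the check runs inside the directory.
# usage: verify_copy /media/ubuntu/USB/client_data.sha256 /media/ubuntu/USB/client_data
verify_copy() {
    (cd "$2" && sha256sum --quiet -c "$1")
}

# Hash the source folder, copy it, then verify the copy against those hashes.
# Returns non-zero if a file cannot be read, the copy fails, or any file differs.
# usage: copy_verified /data/client_data /media/ubuntu/USB
copy_verified() {
    src=$1
    mkdir -p "$2" || return 1
    dest=$(cd "$2" && pwd) || return 1      # absolute path for the manifest
    name=$(basename "$src")
    manifest="$dest/$name.sha256"
    (cd "$src" && find . -type f -exec sha256sum {} +) > "$manifest" || return 1
    cp -R --preserve=timestamps "$src" "$dest/" || return 1
    verify_copy "$manifest" "$dest/$name"
}

# Typical session (device and paths are examples):
#   lsblk -rpno NAME,FSTYPE | ntfs_partitions
#   mount_readonly /dev/sdb1 /data
#   copy_verified /data/client_data /media/ubuntu/USB
```

The manifest written next to the copied folder can be rechecked with verify_copy after the USB drive is moved to the working machine.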
