A little over a year ago while I was working in Afghanistan, I purchased a 1 Terabyte Western Digital hard drive. It had performed very well until it was dropped, since it has been very slow and getting data off of it has been very tedious. In today’s two part post I am going to go over the options you generally have when something like this occurs. In my case I am lucky and the drive still spins and is accessible, some people are not so fortunate and they have no other option but to send it in to a professional data recovery service.

Option One – For those of you that the drive has stopped spinning or a component has failed it would probably be best that you didn’t try to do your own data recovery, unless of course you are an expert in the field and have a clean room to try to fix it in!

Option Two – If the drive is still spinning there is a number of products that one can try. If you have used Linux before you probably have heard of “dd”. dd has a number of uses such as copying, deleting, backing up, recovering, etc. In this case we use it to take a copy of the volume in a block size pieces specified.

While you do have a number of other options, and there may be many commercial options, I didn’t want to invest any money into this project as I had lived without the data for quite some time.
Please note, this should not be tried if you are not willing to risk losing the data on the disk! I take no responsibility if this kills all of your data! This same method may not work for you.

Where do I get dd for Windows? I’m glad you asked! – http://www.chrysocome.net/dd – I recommend using version 0.6 beta 3.

What operating system did you run? Windows 7

How was the device you were recovering hooked up? USB

The first step after you download and extract dd is to open up a command prompt with elevated privileges. Navigate over to the folder containing dd.

Next you need to identify the device you wish to restore to, note that if you want to restore 1 TB of data you need 1 TB or greater of free space on the target device! This may mean you have to go purchase another hard drive, this is where the question comes in; how much money am I willing to invest knowing that I may or may not get this data back?

Next you need to identify the source of the data (the hard drive that is having problems). To do this you want to run the command “dd –list”. This will give you an output similar to the below (note mine has been trimmed down due to length):

C:\New folder>dd –list
rawwrite dd for windows version 0.6beta3.
Written by John Newbigin
This program is covered by terms of the GPL Version 2.

Win32 Available Volume Information
\\.\Volume{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\
link to \\?\Device\HarddiskVolume9
fixed media
Mounted on \\.\d:

\\.\Volume{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\
link to \\?\Device\HarddiskVolume7
fixed media
Not mounted

NT Block Device Objects
\\?\Device\Harddisk0\Partition0
link to \\?\Device\Harddisk0\DR0
Fixed hard disk media. Block size = 512
size is 1000204886016 bytes
\\?\Device\Harddisk0\Partition1
link to \\?\Device\HarddiskVolume9
\\?\Device\Harddisk1\Partition0
link to \\?\Device\Harddisk1\DR1
Fixed hard disk media. Block size = 512
size is 120034123776 bytes

I have found that if the drive you are trying to recover is a different size, it is easiest to locate it in the list that way if you have many drives.

Once you have identified the drive you will want to run – to breakdown the below command you are running dd and telling it to copy from the volvume and create a backup (copy) of it with a 1 MB Blocksize to the h:\recov folder, calling it “usb.img”.

dd if=\\.\Volume{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} of=h:\recov\usb.img bs=1M –size –progress

You can keep track of its progress by watching the cmd prompt Window. In my case it took almost 3 days to complete! If you are doing this with a small memory card, it may only take a few minutes.
In part two I will cover what to do with the .img file.