Hi, I have a dual boot Linux/Windows laptop, and my home Linux partition has bad sectors which need to be repaired. I just discovered Autopsy as a way of recovering my files before I fix the sectors, but I can’t access my Linux partitions. Just like in Windows Explorer, only the Windows partitions show up. How do I get around this?
Thanks!
Was the Linux partition ever working? Or did this all happen when you first created the dual boot?
The Linux partion has worked for several years, it’s been the main part of the machine I’ve used. It very recently developed some bad sectors and now I can’t start it up. I actually have two linux partitions, one for the operating system and one for all my files. It’s the one with all my files on it that has the problem, and for some reason it’s not allowing the whole system to start. So my plan is to use Autopsy from Windows to get in and copy the Linux data, but Autopsy apparently can’t see the Linux partitions right off the bat. They are both either EXT3 or EXT4 formatting, can’t remember which off the top of my head.
Ok, so if you definitely have bad clusters then that could be hindering Autopsy or any other tool from seeing the partition. I don’t know if Autopsy will address the EXT3[4] partition because Windows requires a separate driver to see it, that’s something I’d punt to the Autopsy people.
You could image the entire drive using FTK imager and then use the Windows to pull it up in Autopsy. This may work but it really depends on what/where those bad cluster are, on weather it will work.
The best thing is to attempt to recover the bad clusters. My goto tool for over ten years is Spinrite (no affiliation) it costs about $90 USD but well worth it. It has saved several of my drives from bad clusters, which made recovery from a non-bootable system. I also use it as a maintenance on all my drives, (twice a year) and I’ve noticed a performance increase on my systems after running it.
You will get the iso or create an iso from the spinrite.exe, make a bootable USB, boot the spinrite (If you have UEFI you may need to set it back to legacy bios/cmos). Run spinrite on level 2 (default) on the drive in question. The down side is expect it to take a long freaking time, days to weeks. When spinrite hits a bad sector it will crunch on that sector until all possible attempts fail, for a long time so no telling how long it will take.
Good Luck,
Dave
I’m not sure Autopsy is the best tool for this, but here’s how to try it:
You can export folders by right-clicking on them in the tree viewer and selecting “Extract File(s)”
What do you want with this Linux partition? Just save as much of your files? And then replace the disk?
If so, use a Linux live USB stick with Testdisk / Photorec on it. Use Photorec to save as much as possible from the data partition to a USB drive. SystemRescueCD is a ready made downloadable (open source) system that does this job for you, but there are many more…
If you really want to work in Windows, you might give DiskInterlas a try: https://www.diskinternals.com/linux-recovery/ I have no experience with this one.
In any case I woul opt for first making an image of the partition, with ddrescue or dcfldd (not dd). Both have the capabilities to get the most out of a disk with physical errors. After that use Testdisk / Photorec on the image. This is by far your safest bet.
Success
Remco Siderius
Thank you Remco, I will give that a try. That is what I want to do, just rescue my data. I have used Testdisk in the past, but haven’t heard of SystemRescueCD before. Thanks for pointing me in that direction! And thanks to the others for their suggestions as well.
