How To: Disaster Recovery With ddresuce
There has been many times in the past I have always fallen back on a good ol’ rescue disk to get the job done. Well, the last time that really happened, it was on Windows, so I wanted to start showcasing nice tools every so often and how to use them. Many of these, including ddrescue, can be found on useful rescue CDs for Linux such as “SystemRescueCD” Read on to learn more about using ddrescue to save your butt 🙂
HALP!, stop the press!, I lost everything!
As I said above, ddrescue is part of the SystemRescueCD boot disc suite. It is one of my most favorite toolset boot CD’s I have in my possession. My most favorite tool so far on it, has been ddrescue. ddrescue is a fantastic data recovery tool, that copies date from one file or block device (such as a hard drive, DVD drive discs and so on) to another. In the process, the tool will do its best to rescue data in case of read errors, and does so as fast as it can. Many tools take ages to run, and ddrescue is designed to do the recovery as fast as possible.
There isn’t much you really need to do after running the command, just sit back and pray! 🙂 If an error occurs, ddresuce will continue to do its fine job recovering what it can. Like many rescue tools, you can save a log file if you want, and resume paused operations. Thankfully ddrescue does not* write zeros to bad sectors, or overwrite/truncate log data if not specified to do so.
Thankfully, running ddrescue is quite easy. First, you definitely need to have another physical disk mounted to rescue your data to, do NOT use the same drive/subfolder. That is a common mistake, and as you should know… read the man page for everything, which should be ingrained in your head by now.
Terms to know concerning ddrescue:
- Block: any amount of data. Blocks have a starting position and size, and are measured typically in bytes.
- Cluster: A cluster is a group of consecutive sectors read or written at once, in one go.
- Device: This si what I refer to when you see terms such as “/dev/sda, /dev/sdb” and so on. Those are the absolute hardware paths for things like hard drives, DVD drives, and so on.
- Partition A partition is a part or “slice” of a hard drive that is sectioned out. A single physical hard drive can have several partitions, being primary or extended.
- Recoverable Formats: ddrescue can use several formats to read from, such as hard disks, or DVD’s. See ddrescue’s online documentation for more.
- Rescue Domain: This is the block or set* of blocks to acted on during the ddrescue operation. You must use the option ‘–input-position’, ‘–size’ and ‘–domain-logfile’. The default rescue domain is the whole input file or logfile
- Sector: A sector is a hardware block of a hardrive or device. It is the smallest accessible amount of data on that device. Think of it as the bare, base construct of a devices data.
Some useful tips:
- Use the log file, you’ll thank me later
- I highly suggest NOT trying to rescue a mounted, active disk. Always boot into a live cd or rescue CD first. Unmount the disk you wish to act on, and make sure it is only mounted as Read Only if so.
- GNU suggests not repairing a system with I/O errors, so keep that in mind
- ddrescue will overwrite the data on the target disk location or partition.
- Make sure to always check device names, preferably with a CLI command such as ‘blkid’ and ‘lsblk’
- If you pause the rescue operation, and reboot, hide partially copied paritions before allowing them to be touched again by any operation system that tries to mount and “fix” them.
- If copying a partition, the target hard drive should contain a similar partition type and size.
- Also of note is the ‘dd’ command, which you can review here.
The down and dirty, running ddrescue:
The syntax of ddrescue is quite simple. The options you can invoke (found in ddrescue’s help file or man page) can get more involved. The basic syntax is as follows:
ddrescue [options] infile outfile [logfile]
Some common options available:
-h, --help display this help and exit -V, --version output version information and exit -b, --block-size=<bytes> hardware block size of input device  -B, --binary-prefixes show binary multipliers in numbers [default SI] -c, --cluster-size=<blocks> hardware blocks to copy at a time  -C, --complete-only do not read new data beyond logfile limits -d, --direct use direct disc access for input file -D, --synchronous use synchronous writes for output file -e, --max-errors=<n> maximum number of error areas allowed -F, --fill=<types> fill given type areas with infile data (?*/-+) -g, --generate-logfile generate approximate logfile from partial copy -i, --input-position=<pos> starting position in input file  -n, --no-split do not try to split or retry error areas -o, --output-position=<pos> starting position in output file [ipos] -q, --quiet quiet operation -r, --max-retries=<n> exit after given retries (-1=infinity)  -R, --retrim mark all error areas as non-trimmed -s, --max-size=<bytes> maximum size of data to be copied -S, --sparse use sparse writes for output file -t, --truncate truncate output file -v, --verbose verbose operation
Common Examples: rescue an entire disk to a backup drive to an image file, with logging:
Disk to image file:
ddrescue -f -g -n /dev/sdb /root/sdb_rescue.img /root/rescue.log
Disk to Disk:
ddrescue -f -g -n /dev/sdb /dev/sdc /root/rescue.log
NOTE: Extra information can be found at:
- www.gnu.org (including examples)
- http://www.forensicswiki.org/wiki/Dd_rescue (a *comletely unrelated project with similiar aims*)
Please comment and corrections/suggestions. Moral of the story? Always keep a backup!!! I personally ‘rsnapshot’ my main system drive, and optionally store /etc to “the cloud” using the program “spideroak.”