Computers fail, hard disks crash and memory chips fry, irrespective of the oodles of money you've spent on surge protectors, SMPS and state of the art power backups. That's the dark side of computing.
When it's time to go, it's time to go, and it usually happens at a bad time. There's no point fretting over the loss, though. Instead, use the plethora of tools out there to minimise the damage.
Have you accidentally deleted your anniversary photos? Installed a new OS that's botched the partition table? Can't read data from an old CD? Don't panic. We'll point you to the free tools that'll help you get out of a tight spot.
Install a Linux distro – Ubuntu is a perennial favourite – then use its package manager to install the following programs. Search for the program name exactly as written to install it.
1. Photorec - recover lost files from all kinds of corrupted media
You don't have to try too hard to wipe data from your had drive. A misplaced space in the 'rm' command will do the trick. At least graphical environments are a little more forgiving, letting you restore files you've trashed accidentally. But what about the holiday photos that were stored on the CF card you just flashed?
PHOTOREC: With the size of modern hard disks, don't be surprised if Photorec finds a file you deleted weeks ago. It can find files in over 300 popular formats.
That's where PhotoRec comes in handy. It ignores the filesystem and goes directly after deleted files on hard disks, optical discs, USB drives, memory cards and even portable music players such as iPods. It reads blocks of data in FAT, NTFS, EXT2/3 and HFS+ partitions, and looks for deleted files in over 300 common formats, including ZIP, HTML, PDF and JPG to name a few.
2. e2fscktools - check and correct filesystem inconsistencies
Hard disks do a lot of work. Modern OSes perform so many read and write operations, it isn't surprising that filesystems inevitably develop inconsistencies here and there over time.
This is why all mainstream Linux distros bundle the e2fscktools package, which includes tools that check and modify EXT2, EXT3 and EXT4 filesystems. For other filesystems, you can use xfs_ repair, jfs_fsck, and fsck.resiserfs. Most modern distros typically invoke the file system check after a particular number of reboots. If the check fails, it's probably because it can't locate the file system metadata.
E2FSCK: You can use e2fsck to mark bad blocks in a disk, so they aren't used for storing data. This is helpful if your hard disk is starting to throw up errors.
In that case, use the dumpe2fsck utility to locate the backup superblock and point to it via e2fsck. When e2fsck encounters problematic data, it places it in the 'lost+found' directory, along with the inode number that the data is associated with. If there's a great deal of data corruption on your hard disk and you have lots of files in the 'lost+found' directory, it's best to restore your data from a backup.
3. ntfsresize - resize NTFS partitions
Like the e2fsck tool, ntfsresize is included with most mainstream Linux desktop distributions. It helps you resize a Windows partition on a 32-bit or 64-bit installation without defragmenting the disk first. This tool checks NTFS partitions for errors and comes in handy when you want to expand and shrink the filesystem.
It's especially useful when you're working with partitions that Windows refuses to recognise because of bad sectors. The ntfsresize tool may alter the Windows boot-up, depending on how it's used. For example, it schedules an NTFS consistency check after the first boot into Windows. If you've experimented with the size of the partition, Windows might also throw up a system settings change message.
4. FSArchiver - duplicate entire partitions
The only effective answer to a damaged disk is a backup. There's no shortage of backup utilities out there, but they aren't all as smart as FSArchiver. With FSArchiver, you can save the contents of your filesystem into a compressed archive. This saves you space, and the backup is easily mountable in read-write format.
You can also restore backups into smaller or larger partitions. To ensure the integrity of the backed up data, FSArchiver checksums individual files, which it verifies during restoration. FSArchiver's main advantage over traditional archiving tools is that even if one file in the backup becomes corrupted, the tool will only skip over the specific file that's gone bad and still restore the rest of the backup as normal.
5. chntpw - reset Windows passwords
Password protecting your accounts is a good way to keep them secure, but all hell breaks loose when you forget your own password. Most web services have a backup plan – a way for you to retrieve your forgotten password, either by emailing you a new one or verifying your identity with a secret question.
Unfortunately, Windows has neither. There's little you can do if you forget your Windows password. Or is there? The chntpw tool can be used to reset passwords on Windows installations. It works by reading the Security Account Manager database under the Windows registry. Just boot from the live CD, point it to your Windows installation and breathe a sigh of relief as it prints a list of all the users on the installation.
Reset the password for the admin user – you can ignore the rest. If you want to recover your password instead of setting a new one, use Ophcrack.
6. Sfdisk - back up partition tables
If you juggle multiple OSes, it can be easy to mess up the partition table. Tools such as GParted mean that creating and resizing partitions isn't much of a chore any more, but they aren't very helpful when you've got a misaligned partition table.
That's when you need sfdisk. It's a small command line utility that's included with every Linux distro, and will back up, edit and restore partition tables. You use a considerable amount of disk space backing up data, so it only makes sense to back up the few bytes taken up by the partition table.
SFDISK: If you juggle multiple operating systems, it's wise to use the sfdisk utility to back up the partition table in an easy to read (and modify) text file.
It'll go a long way in recovering from a botched OS install. You can back up your partition table with sfdisk -d /dev/sda > sda_table.txt and restore it with sfdisk /dev/sda < sda_table.txt. If you have a RAID setup, you can mirror a partition table from one disk to another using sfdisk -d / dev/sda | sfdisk /dev/sdb.
7. ddrescue - recreate a damaged disk
We've looked at tools that will help you check and correct a damaged partition, but what if a disk throws up read errors? This isn't unusual for older hard disks and optical drives. If you have such a disk, start by making a copy of the failing drive with ddrescue, then try to repair the copy. If your data is really important, use the copy as a master for a second copy and try to repair the second copy.
DDRECSUE: You can use ddrescue to recreate a damaged hard disk, but don't forget that it overwrites data on the partition you're copying to by default.
The basic operation of ddrescue is fully automatic – it tries to recreate the data on a damaged disk. Better still, if you run it on two or more damaged copies of a failed disk, you might end up with a complete and error-free version. The tool uses a logfile to speed up the process by only reading the missing blocks.
8. Rsync - back up remotely
Keeping local backups isn't a clever move unless you mirror disks. What you need is a utility that backs up data over a network with very little overhead, and nothing does that better than the rsync CLI utility.
RSYNC: Use Grsync to simulate a backup and assess errors that may occur.
When run for the first time, the rsync command may seem a bit sluggish. However, all it needs to do from then on is transfer the bits that have changed in each directory or file since the last run. Since it's CLI, you can schedule it to do unattended remote backups. If CLI isn't you thing, try the various GUI avatars, such as Grsync, which runs on Linux and Windows. If you need something enterprise-ready, try BackupPC.
9. GAG - advanced boot loader
MBRs are easily damaged if you're careless while installing multiple OSes, or if you clone a bootable partition. If you've cooked yours, it's a good excuse to switch to the GAG boot manager.
GAG can boot nine different OSes installed in the primary or logical partitions of the disk. It's easy to configure and supports all the features you'd expect from a boot manager, including a timer to boot into the default OS, and password protecting the configuration menu.
GAG: Although it's more graphical than other bootloaders, GAG's interface is still entirely keyboard driven.
You can install GAG from Windows, Linux, or from one of the rescue-centric live CDs. When using GAG, install the Linux boot loader (GRUB) in the superblock of the root partition (such as '/dev/sda6'), not in the MBR.
10. Inquisitor - stress test hardware
Why wait for hardware to fail? It's a good idea to test your system thoroughly from time to time to make sure it can handle the stress it's put under. The Inquisitor live CD has lots of modules to test the various components in your system, such as hard disks, the disk controller, optical disks, USB drives, CPU, memory and more.
The live CD also comes in handy to stress test an overclocked configuration. You can use Inquisitor to benchmark your computer, which is useful when comparing the performance of different configurations. There's also the Phronix Test Suite, which can be used for benchmarking your system and comparing it with configurations uploaded by other users.
11. chkrootkit - check for rootkits
Computer viruses are the least of a power user's worries. An intruder can wreak much more damage than a virus by masking their intrusion with a rootkit, but help is just a scan away. Using chkrootkit, you can check your installation for many known rootkits.
The program uses tools such as grep to check if '/proc' entries are hidden from ps and the readdir system call. It performs a battery of tests to find signs of over 60 rootkits. Although it's a CLI utility, you shouldn't schedule it to run unattended. To be doubly sure that you're running a clean ship, also try the rkhunter utility.
12. md5deep - search for lost files
You'll probably need to recover lost files at some point, but how do you ensure their integrity? If your system has been compromised, the attacker might have replaced the original files with malicious copies.
That's why you should keep a hash digest of all the files on your system. Depending on the density of your filesystem, this could be a complex task. That's unless you use md5deep. It recursively computes MD5 of all files inside a directory. Moreover, it can use those hashes to find lost files and then verify their integrity. Binaries for the tool are available for both Linux and Windows.
