Working without a clone - is it safe?

Changing something on a drive without having a clone (or a disk image file) is risky. Even leaving things unchanged is still risky. Before working on the recovery, you should always make a clone (or a disk image file).

What's a clone?

A clone is an exact copy of the entire (faulty) drive on another (good) drive. A disk image file is the exact copy of the entire (faulty) drive in a file. The copy contains all sectors on the original drive, including blank sectors and those presumed not in use.
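
To make the definition concrete, here is an added example (not code from the original article) that writes a disk image file: it opens the source read-only, copies every sector including blank ones, zero-fills any sector that cannot be read so the layout is preserved, and returns a SHA-256 of the image for later verification. The names make_image and read_at and the 512-byte sector size are assumptions of this example.

```python
import hashlib
import os
import tempfile

SECTOR = 512  # assumed sector size for this example


def read_at(src, offset, length):
    """Default reader: seek and read on a handle opened read-only."""
    src.seek(offset)
    return src.read(length)


def make_image(src_path, dst_path, reader=read_at):
    """Copy every sector of src_path to dst_path, blank sectors included.

    A sector that cannot be read is zero-filled and its offset recorded, so
    the image keeps the layout of the original drive.
    Returns (sha256 hex digest of the image, list of bad sector offsets).
    """
    bad, digest = [], hashlib.sha256()
    # "rb" only: the source is never opened for writing.
    with open(src_path, "rb", buffering=0) as src, open(dst_path, "wb") as dst:
        size = src.seek(0, os.SEEK_END)
        for offset in range(0, size, SECTOR):
            want = min(SECTOR, size - offset)
            try:
                data = reader(src, offset, want)
            except OSError:
                data = b""
            if len(data) != want:  # read error or short read
                bad.append(offset)
                data = bytes(want)
            dst.write(data)
            digest.update(data)
    return digest.hexdigest(), bad


if __name__ == "__main__":
    # Constructed stand-in for a drive: one data sector, two blank, one data.
    with tempfile.TemporaryDirectory() as tmp:
        disk, img = os.path.join(tmp, "disk.bin"), os.path.join(tmp, "disk.img")
        with open(disk, "wb") as f:
            f.write(b"A" * SECTOR + bytes(2 * SECTOR) + b"B" * SECTOR)
        print(make_image(disk, img))
```

All further recovery work is then done against the image, and the recorded digest lets you confirm the image itself has not changed between sessions.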

Why is it needed?

Standard practice is to make a clone of the damaged drive (or any device, really) immediately as it comes in for recovery, just in case. There are cases when you can arguably perform recovery without making a clone, but decisions like this are best left to specialists. They have the experience, and they do their clones anyway.

We can reasonably argue that running TestDisk and modifying partition tables is safe if the original partition tables are damaged. After all, if TestDisk screws up and overwrites the original unusable partition table with a new unusable partition table, things are not getting any worse – the original was unusable anyway. This argument only works if the damage is limited to the partition table, and there is often no way to know that it is. It is quite possible that TestDisk will rebuild the partition table properly, and then, on the next reboot, the filesystem driver will try to mount the filesystem only to discover that the filesystem is also damaged. Depending on the specific damage, the driver can then happily trash the filesystem during some repair attempt or even during normal initialization.

The same argument applies to running recoveries on a mounted drive (or a memory card). A mounted drive is a drive that has a drive letter assigned to it and is generally accessible via File Explorer or whatever other "normal" means. Even though you are not accessing the drive explicitly, the filesystem driver still does its thing and might, in some cases, adversely affect the data. Just because you did not command any changes, or do not see any being made, does not mean that no changes are being made to the drive.

However rare, these things happen, and that is when you need a clone.

Filed under: Disk imaging.

Created Sunday, January 20, 2019