August 22

Linux: Bad Superblock Recovery

What do you do when you receive a “bad superblock” error on a USB or other Flash drive? Well, firstly you kick yourself for not backing up important data on said drive for the past nine days; you’re old enough to know better than that. Secondly, you kick yourself for using that piece of rubbish called the FAT32 filesystem which was the default for Windows 95, but is what every USB drive ships with because it’s the last file format released by Microsoft that actually communicates with other operating systems, despite the fact that it’s as buggy as hell and is prone to disaster.

Once you’ve done kicking yourself you look at the message. You could even try mounting the disk, e.g.,

mount /dev/sdb1 /mnt: Input/output error
mount: /dev/sda1: can’t read superblock

Now there are a lot of cries for help on this issue, as a casual Google search will indicate. However, there is a way to solve this.

First, make a copy of the disk image that isn’t totally broken;

ddrescue -n /dev/old_disk /directory/backupfile rescued.log

Then try to recover as much of the dicey areas as possible;

ddrescue -r 1 /dev/old_disk /directory/backupfile rescued.log

Now at least you’re not playing with the real thing, for what it’s worth.

You could run a fsck on the disk, for what it’s worth. But I found that foremost is the tool you want to use. It recovers files using their headers, footers, and data structures, which means it isn’t brilliant at finding text files because they tend not to have a header – these will often be buried in an .exe file or similar.

The basic command to run is;

foremost -av backupfile

It won’t run quickly and you will end up with a lot of files, including many backups of previous work, jpegs and the like extracted from PDFs etc. You will also want to run a grep over the directory to find out where your text files are, e.g.,

cd output
grep linux * -R

Perhaps not so surprisingly for something used in law enforcement computer forensics and developed by the United States Air Force Office of Special Investigations, it’ll probably find almost everything from your corrupted disk.
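
To see why carving by header and footer finds JPEGs inside PDFs but misses plain text, here is a small added example (not foremost's code and not from the original post) that carves a constructed image with two signatures and then does a keyword search over the raw bytes, the same idea as the grep step. The function names and sample bytes are made up for the illustration.

```python
import re

# Header/footer pairs for two formats; foremost has a much longer built-in list.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

def carve(image: bytes, max_size: int = 1 << 20):
    """Return (kind, offset, data) for every header followed by a footer."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            # Only accept a footer within max_size bytes of the header.
            end = image.find(footer, pos + len(header), pos + max_size)
            if end != -1:
                found.append((kind, pos, image[pos:end + len(footer)]))
            pos = image.find(header, pos + 1)  # keep scanning; files can nest
    return sorted(found, key=lambda hit: hit[1])

def find_text(image: bytes, word: bytes):
    """Return printable runs (as `strings` would list them) that contain word."""
    return [run for run in re.findall(rb"[\x20-\x7e]{4,}", image) if word in run]

def build_sample_image() -> bytes:
    """Constructed sample: file contents with no usable filesystem metadata."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-pixels" + b"\xff\xd9"
    pdf = b"%PDF-1.4\nstream " + jpeg + b" endstream\n%%EOF"
    notes = b"linux notes: remember to back up the USB drive\n"
    junk = b"\x00" * 64  # stands in for the damaged filesystem metadata
    return junk + pdf + junk + notes + junk + jpeg + junk

if __name__ == "__main__":
    image = build_sample_image()
    for kind, offset, data in carve(image):
        print(f"{kind} at offset {offset}, {len(data)} bytes")
    print(find_text(image, b"linux"))
```

The JPEG embedded in the PDF is carved a second time as its own file, and the text note is never carved because it has no signature, which is why the keyword search is still needed afterwards.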

By: Lev Lafayette


Posted August 22, 2011 by Timothy Conrad in category "Linux
