TestDisk
Encyclopedia
TestDisk is a free
data recovery utility. It was primarily designed to help recover lost data storage partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally erasing a partition table).
TestDisk can be used to collect detailed information about a corrupted drive which can then be sent to a tech for further analysis.
s:
:
It also handles non-partitioned media.
or the operating system
in order to find the data storage device
s (hard disk
s, memory card
s, …) and their characteristics (LBA
size and CHS
geometry).
TestDisk can
TestDisk does a quick check of the disk's structure and compares it with the partition table for entry errors.
Next, it searches for lost partitions of these file system
s:
However, it's up to the user to look over the list of possible partitions found by TestDisk and to select the one(s) which were being used just before the drive failed to boot or the partition(s) were lost. In some cases, especially after initiating a detailed search for lost partitions,
TestDisk may show partition data which is simply from the remnants of a partition that had been deleted and overwritten long ago.
A step by step guide explains how to use this software. TestDisk can be used in Computer forensics
procedure, it supports the EWF file format used by EnCase
.
(by the same author) have been downloaded more than 150,000 times in July 2008 from the primary website.
In fact these utilities are even more popular as they can be found on various Linux
Live CD
s:
They are also packaged for numerous Linux distribution
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
data recovery utility. It was primarily designed to help recover lost data storage partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally erasing a partition table).
TestDisk can be used to collect detailed information about a corrupted drive which can then be sent to a tech for further analysis.
Supported operating systems
TestDisk supports these operating systemOperating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s:
- DOSDOSDOS, short for "Disk Operating System", is an acronym for several closely related operating systems that dominated the IBM PC compatible market between 1981 and 1995, or until about 2000 if one includes the partially DOS-based Microsoft Windows versions 95, 98, and Millennium Edition.Related...
: real or in a Windows 9x DOS box - Microsoft WindowsMicrosoft WindowsMicrosoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
: NT4Windows NTWindows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...
, 2000Windows 2000Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...
, XPWindows XPWindows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
, 2003Windows Server 2003Windows Server 2003 is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005...
, VistaWindows VistaWindows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
, Windows 7 - GNU/Linux
- FreeBSDFreeBSDFreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
, NetBSDNetBSDNetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
, OpenBSDOpenBSDOpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995... - SunOSSunOSSunOS is a version of the Unix operating system developed by Sun Microsystems for their workstation and server computer systems. The SunOS name is usually only used to refer to versions 1.0 to 4.1.4 of SunOS...
- Mac OS XMac OS XMac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
Supported partition table type
TestDisk recognizes the following disk partitioningDisk partitioning
Disk partitioning is the act of dividing a hard disk drive into multiple logical storage units referred to as partitions, to treat one physical disk drive as if it were multiple disks. Partitions are also termed "slices" for operating systems based on BSD, Solaris or GNU Hurd...
:
- Apple partition mapApple Partition MapApple Partition Map is a partition scheme used to define the low-level organization of data on disks formatted for use with 68K and PowerPC Macintosh computers that was introduced with the Macintosh SE ....
- GUID Partition TableGUID Partition TableIn computer hardware, GUID Partition Table is a standard for the layout of the partition table on a physical hard disk. Although it forms a part of the Extensible Firmware Interface standard , it is also used on some BIOS systems because of the limitations of MBR partition tables, which restrict...
- PC/Intel Partition Table (master boot recordMaster boot recordA master boot record is a type of boot sector popularized by the IBM Personal Computer. It consists of a sequence of 512 bytes located at the first sector of a data storage device such as a hard disk...
) - Sun Solaris sliceSlice (disk)In Sun Microsystems' Solaris computer operating system, disk partitions are sometimes known as slices. This is a conceptual reference to the slicing of a cake into several pieces...
- XboxXboxThe Xbox is a sixth-generation video game console manufactured by Microsoft. It was released on November 15, 2001 in North America, February 22, 2002 in Japan, and March 14, 2002 in Australia and Europe and is the predecessor to the Xbox 360. It was Microsoft's first foray into the gaming console...
fixed partitioning scheme
It also handles non-partitioned media.
Partition recovery
TestDisk queries the BIOSBIOS
In IBM PC compatible computers, the basic input/output system , also known as the System BIOS or ROM BIOS , is a de facto standard defining a firmware interface....
or the operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
in order to find the data storage device
Data storage device
thumb|200px|right|A reel-to-reel tape recorder .The magnetic tape is a data storage medium. The recorder is data storage equipment using a portable medium to store the data....
s (hard disk
Hard disk
A hard disk drive is a non-volatile, random access digital magnetic data storage device. It features rotating rigid platters on a motor-driven spindle within a protective enclosure. Data is magnetically read from and written to the platter by read/write heads that float on a film of air above the...
s, memory card
Memory card
A memory card or flash card is an electronic flash memory data storage device used for storing digital information. They are commonly used in many electronic devices, including digital cameras, mobile phones, laptop computers, MP3 players, and video game consoles...
s, …) and their characteristics (LBA
Logical block addressing
Logical block addressing is a common scheme used for specifying the location of blocks of data stored on computer storage devices, generally secondary storage systems such as hard disks....
size and CHS
Cylinder-head-sector
Cylinder-head-sector, also known as CHS, was an early method for giving addresses to each physical block of data on a hard disk drive. In the case of floppy drives, for which the same exact diskette medium can be truly low-level formatted to different capacities, this is still true.Though CHS...
geometry).
TestDisk can
- Recover deleted partition
- Rebuild partition table
- Rewrite the Master boot recordMaster boot recordA master boot record is a type of boot sector popularized by the IBM Personal Computer. It consists of a sequence of 512 bytes located at the first sector of a data storage device such as a hard disk...
(MBR)
TestDisk does a quick check of the disk's structure and compares it with the partition table for entry errors.
Next, it searches for lost partitions of these file system
File system
A file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...
s:
- Be File SystemBe File SystemThe Be File System is the native file system for the BeOS....
(BeOSBeOSBeOS is an operating system for personal computers which began development by Be Inc. in 1991. It was first written to run on BeBox hardware. BeOS was optimized for digital media work and was written to take advantage of modern hardware facilities such as symmetric multiprocessing by utilizing...
) - BSD disklabelBSD disklabelIn BSD-derived computer operating systems and in related operating systems such as SunOS, a disklabel is a record stored on a data storage device such as a hard disk that contains information about the location of the partitions on the disk. Disklabels were introduced in the 4.3BSD-Tahoe release...
(FreeBSD/OpenBSD/NetBSD) - CramfsCramfsThe compressed ROM file system is a free read-only Linux file system designed for simplicity and space-efficiency. It is mainly used in embedded systems and small-footprint systems....
, Compressed File System - DOS/Windows FATFile Allocation TableFile Allocation Table is a computer file system architecture now widely used on many computer systems and most memory cards, such as those used with digital cameras. FAT file systems are commonly found on floppy disks, flash memory cards, digital cameras, and many other portable devices because of...
12, 16, and 32 - Windows exFATExFATexFAT is a proprietary, patent-pending file system designed especially for USB flash drives. Developed by Microsoft, it is supported in Windows XP and Windows Server 2003 with update KB955704, Windows Embedded CE 6.0, Windows Vista with Service Pack 1, Windows Server 2008, Windows 7, Windows...
- HFSHierarchical File SystemHierarchical File System is a file system developed by Apple Inc. for use in computer systems running Mac OS. Originally designed for use on floppy and hard disks, it can also be found on read-only media such as CD-ROMs...
, HFS+HFS PlusHFS Plus or HFS+ is a file system developed by Apple Inc. to replace their Hierarchical File System as the primary file system used in Macintosh computers . It is also one of the formats used by the iPod digital music player...
and HFSX, Hierarchical File SystemHierarchical File SystemHierarchical File System is a file system developed by Apple Inc. for use in computer systems running Mac OS. Originally designed for use on floppy and hard disks, it can also be found on read-only media such as CD-ROMs... - JFS, IBM's Journaled File System
- Linux ext2Ext2The ext2 or second extended filesystem is a file system for the Linux kernel. It was initially designed by Rémy Card as a replacement for the extended file system ....
, ext3Ext3The ext3 or third extended filesystem is a journaled file system that is commonly used by the Linux kernel. It is the default file system for many popular Linux distributions, including Debian...
and ext4Ext4The ext4 or fourth extended filesystem is a journaling file system for Linux, developed as the successor to ext3.It was born as a series of backward compatible extensions to ext3, many of them originally developed by Cluster File Systems for the Lustre file system between 2003 and 2006, meant to... - Linux RAID
- RAID 1: mirroring
- RAID 4: striped array with parity device
- RAID 5: striped array with distributed parity information
- RAID 6: striped array with distributed dual redundancy information
- Linux Swap (versions 1 and 2)
- LVM and LVM2, Linux Logical Volume ManagerLogical Volume Manager (Linux)LVM is a logical volume manager for the Linux kernel; it manages disk drives and similar mass-storage devices, in particular large ones. The term "volume" refers to a disk drive or partition thereof...
- Novell Storage ServicesNovell Storage ServicesNovell Storage Services is a file system used by the Novell NetWare operating system. Recently support of NSS was introduced to SUSE Linux via low-level network NCPFS protocol...
(NSS) - NTFS (Windows NT/2000/XP/2003/Vista/2008/7)
- ReiserFSReiserFSReiserFS is a general-purpose, journaled computer file system designed and implemented by a team at Namesys led by Hans Reiser. ReiserFS is currently supported on Linux . Introduced in version 2.4.1 of the Linux kernel, it was the first journaling file system to be included in the standard kernel...
3.5, 3.6 and 4 - Sun Solaris i386 disklabel
- Unix File SystemUnix File SystemThe Unix file system is a file system used by many Unix and Unix-like operating systems. It is also called the Berkeley Fast File System, the BSD Fast File System or FFS...
UFS and UFS2 (Sun/BSD/…) - XFSXFSXFS is a high-performance journaling file system created by Silicon Graphics, Inc. It is the default file system in IRIX releases 5.3 and onwards and later ported to the Linux kernel. XFS is particularly proficient at parallel IO due to its allocation group based design...
, SGI’s Journaled File System
However, it's up to the user to look over the list of possible partitions found by TestDisk and to select the one(s) which were being used just before the drive failed to boot or the partition(s) were lost. In some cases, especially after initiating a detailed search for lost partitions,
TestDisk may show partition data which is simply from the remnants of a partition that had been deleted and overwritten long ago.
A step by step guide explains how to use this software. TestDisk can be used in Computer forensics
Computer forensics
Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media...
procedure, it supports the EWF file format used by EnCase
EnCase
EnCase is a computer forensics product produced by Guidance Software used to analyze digital media . The software is available to law enforcement agencies and corporations.EnCase includes tools for data acquisition, file recovery, indexing/search and file parsing...
.
Filesystem repair
TestDisk can deal with some specific logical filesystem corruption:- File Allocation TableFile Allocation TableFile Allocation Table is a computer file system architecture now widely used on many computer systems and most memory cards, such as those used with digital cameras. FAT file systems are commonly found on floppy disks, flash memory cards, digital cameras, and many other portable devices because of...
, FAT- FAT12 and FAT16
- Find filesystem parameters to rewrite a valid boot sector
- Use the two copies of the FAT to rewrite a coherent version
- FAT32
- Find filesystem parameters to rewrite a valid boot sector
- Restore the boot sector using its backup
- Use the two copies of the FAT to rewrite a coherent version
- FAT12 and FAT16
- exFATExFATexFAT is a proprietary, patent-pending file system designed especially for USB flash drives. Developed by Microsoft, it is supported in Windows XP and Windows Server 2003 with update KB955704, Windows Embedded CE 6.0, Windows Vista with Service Pack 1, Windows Server 2008, Windows 7, Windows...
- Restore the boot sector using its backup
- NTFS
- Find filesystem parameters to rewrite a valid boot sector
- Restore the boot sector using its backup
- Restore the Master File Table (MFT) from its backup
- Extended file systemExtended file systemThe extended file system or ext was implemented in April 1992 as the first file system created specifically for the Linux operating system. It has metadata structure inspired by the traditional Unix File System and was designed by Rémy Card to overcome certain limitations of the Minix file...
s, ext2Ext2The ext2 or second extended filesystem is a file system for the Linux kernel. It was initially designed by Rémy Card as a replacement for the extended file system ....
, ext3Ext3The ext3 or third extended filesystem is a journaled file system that is commonly used by the Linux kernel. It is the default file system for many popular Linux distributions, including Debian...
and ext4Ext4The ext4 or fourth extended filesystem is a journaling file system for Linux, developed as the successor to ext3.It was born as a series of backward compatible extensions to ext3, many of them originally developed by Cluster File Systems for the Lustre file system between 2003 and 2006, meant to...
- Find backup superblock location to assist fsckFsckThe system utility fsck is a tool for checking the consistency of a file system in Unix and Unix-like operating systems such as Linux.-Use:...
- Find backup superblock location to assist fsck
- HFS+
- Restore the boot sector using its backup
File recovery
When a file is deleted, the list of disk clusters occupied by the file is erased, marking those sectors available for use by other files created or modified thereafter. If the file wasn't fragmented and the clusters haven't been reused, TestDisk can recover the deleted file:- FAT file undelete
- NTFS file undelete
- exFAT file undelete
- ext2 file undelete
Popularity
TestDisk and PhotoRecPhotoRec
PhotoRec is a file carver data recovery software tool designed to recover lost files from digital camera memory , hard disks and CD-ROMs...
(by the same author) have been downloaded more than 150,000 times in July 2008 from the primary website.
In fact these utilities are even more popular as they can be found on various Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
Live CD
Live CD
A live CD, live DVD, or live disc is a CD or DVD containing a bootable computer operating system. Live CDs are unique in that they have the ability to run a complete, modern operating system on a computer lacking mutable secondary storage, such as a hard disk drive...
s:
- Recovery Is PossibleRecovery Is PossibleRecovery Is Possible is a small, specialized Linux distribution based on Slackware that includes system maintenance and recovery applications on a live CD or USB flash drive. The RIP disc comes in two flavors: one with the X Window System and one without...
- Knoppix STDKnoppix STDKnoppix STD is a Live CD Linux distribution based on Knoppix that focused on computer security tools. It included GPL licensed tools in the following categories: authentication, password cracking, encryption, forensics, firewalls, honeypots, intrusion detection system, network utilities,...
- GPartedGPartedGParted is a GTK+ front-end to GNU Parted and the official GNOME Partition Editor application.It is used for creating, deleting, resizing, moving, checking and copying partitions, and the file systems on them...
Live CD - Iloog
- Parted MagicParted MagicParted Magic is a computer operating system based on GNU/Linux and is distributed as free and open source software. It is named after GParted, an open source partitioning tool, and the distribution is primarily designed for the purpose of disk partitioning and data recovery.-Features:The...
- PLD Live CD and PLD RescueCD, based on PLD Linux Distribution
- Slax-LFI, a SlaxSLAXSlax is a LiveCD Linux distribution based on Slackware and is currently being developed by Tomáš Matějíček. Packages can be selected in a website where users can build a custom Slax iso image. Slax slogan refers to the software as a "Pocket Operating System"...
-derived distribution - SystemRescueCDSystemRescueCDSystemRescueCd is an operating system for the x86 computer platform, though the primary purpose of SystemRescueCD is to repair unbootable or otherwise damaged computer systems after a system crash. SystemRescueCD is not intended to be used as a permanent operating system. It runs from a Live CD or...
- Trinity Rescue KitTrinity Rescue KitTrinity Rescue Kit is a free command-line Live CD Linux distribution created especially for rescuing Windows PCs It is aimed specifically at offline operations for Windows and Linux systems such as rescue, repair, password resets and disk cloning...
- Ubuntu Rescue Remix, an UbuntuUbuntu (operating system)Ubuntu is a computer operating system based on the Debian Linux distribution and distributed as free and open source software. It is named after the Southern African philosophy of Ubuntu...
derivation
They are also packaged for numerous Linux distribution
Linux distribution
A Linux distribution is a member of the family of Unix-like operating systems built on top of the Linux kernel. Such distributions are operating systems including a large collection of software applications such as word processors, spreadsheets, media players, and database applications...
- ALT LinuxALT LinuxALT Linux is a set of RPM-based operating systems built on top of the Linux kernel and Sisyphus packages repository. ALT Linux is developed jointly by ALT Linux Team developers community and ALT Linux Ltd.- History :...
- ArchLinux Extra Repository
- DebianDebianDebian is a computer operating system composed of software packages released as free and open source software primarily under the GNU General Public License along with other free software licenses. Debian GNU/Linux, which includes the GNU OS tools and Linux kernel, is a popular and influential...
contrib - FedoraFedora (operating system)Fedora is a RPM-based, general purpose collection of software, including an operating system based on the Linux kernel, developed by the community-supported Fedora Project and sponsored by Red Hat...
Extras - Red HatRed HatRed Hat, Inc. is an S&P 500 company in the free and open source software sector, and a major Linux distribution vendor. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina with satellite offices worldwide....
Epel - FreeBSDFreeBSDFreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
ports - GentooGentoo LinuxGentoo Linux is a computer operating system built on top of the Linux kernel and based on the Portage package management system. It is distributed as free and open source software. Unlike a conventional software distribution, the user compiles the source code locally according to their chosen...
and Gentoo Portage - MandrivaMandrivaMandriva S.A. is a publicly traded Linux and open source software company with its headquarters in Paris, France and development center in Curitiba, Brazil. Mandriva, S.A...
contrib - PLD Linux Distribution
- Source Mage GNU/Linux
- UbuntuUbuntu (operating system)Ubuntu is a computer operating system based on the Debian Linux distribution and distributed as free and open source software. It is named after the Southern African philosophy of Ubuntu...