
Re: Minimal RAM footprint boot CD?

Subject: Re: Minimal RAM footprint boot CD?
Date: Thu, 16 Jun 2005 16:17:45 +0200
On Thursday 16 June 2005 05.49, Bruce P. Burrell wrote:
Hi, all.

   I was using dd under Helix 1.6 to make an image of a (very) damaged
hard drive... after several days, I had copied some 3 GB out of 40, while
most of the time was spent trying to copy the other 1100 or so bad
sectors. The important part to me, at this point, was the log file of
where dd found errors (I was redirecting stderr to a logfile); naturally,
this file was stored in RAM (only one USB port and no floppy).

   Anyway, it was chewing along, albeit slowly, when I went to bed one
night; imagine my surprise and dismay when in the next morning, the CD was
ejected and Helix was prompting me for a reboot.  Yikes!  Where is my
logfile?  Ever so temptingly stranded in RAM....

   [I'm mystified about how this happened; obviously, it didn't lose power
and I sure never initiated a shutdown....  But that's an issue for
another time.]

   It's still sitting at that "remove CD" prompt.

   I figure if I boot from CD with a small memory footprint, I stand a
very good chance of finding the logfile data in RAM.  Maybe an old version
of DOS with DEBUG (ugly, but functional).  Or I could write a minimalist
COMMAND.COM replacement in assembler. But it would be a lot nicer if there
were some prior art, and if it had the capability to mount USB drives (or
burn to CD) and write files, instead of just sectors...  My guess is that
(old) DOS will use less RAM than any existing Linux.

   Obviously, it is critical that RAM not be zeroed.

   Google has given some tips, but I figured I would tap the expertise
here.  If you reply directly and there is interest, I'll be pleased to
summarize to the list.

   Thanks!

   -BPB

University of Michigan AntiVirus Team Leader
University of Michigan Data Recovery Team Leader
PGP 2.6.2 key fingerprint:  0D A5 98 3C 91 DA E0 DD  9C 6D FA 8F 4D 34 95 ED

As soon as you reboot you lose that data...

If the reboot prompt is PRIOR to shutdown and reset there MIGHT be a 
possibility to either alt-f2 to another shell or get in via SSH. (Where to go 
from that is for someone else to tell..)
But if the system already is shutdown, and all it does is prompt for the 
removal of the CD, I don't think there is anything you can do.
The "device drivers" and shell binaries are all inaccessible, and also, if the 
shell has "logged out" the RAM is most certainly used for other things 
(correct me if I'm wrong).

My tip would have been to either install another disk to pipe the logs to OR
use NFS to route the logs to another computer OR
install the broken disk in another machine to try to salvage it...

I once tried to retrieve a 200 GB disk with lots of death in it.. It took a 
day to run the rescue, but I got 99% back.
The dead clusters were VERY dead.. (And the data on them weren't that crucial)

-- 

         /Rikard

" Sharing knowledge is the most fundamental act of friendship. 
Because it is a way you can give something without losing something." 
                -R. Stallman 

---------------------------------------------------------------
Rikard Johnels          email   : rikjoh@norweb.se
                        Mob     : +46 763 19 76 25
                        PGP     : 0x461CEE56
---------------------------------------------------------------
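An added example, not part of either message above, of the imaging loop the thread is about: it copies a source sector by sector the way `dd conv=noerror,sync` does (retry a failing read, then pad the sector with zeros and carry on), but appends each bad-sector record to a log file and fsyncs it after every entry, so the record is on persistent storage (a mounted USB stick or NFS export, as the reply suggests) rather than stranded in RAM if the box reboots unexpectedly. The damaged disk is a constructed stand-in (`FlakySource`) that raises EIO on chosen sectors; `image_device`, `FlakySource` and `run_demo` are names assumed for this example, not tools from the thread.

```python
import errno
import os
import tempfile

SECTOR = 512  # dd's default block size


class FlakySource:
    """Constructed stand-in for a damaged drive: any read that starts in one of
    the listed sectors fails with EIO, every other read returns the data."""

    def __init__(self, data, bad_sectors):
        self._data = data
        self._bad = set(bad_sectors)
        self._pos = 0

    def seek(self, offset):
        self._pos = offset

    def read(self, n):
        if self._pos // SECTOR in self._bad:
            raise OSError(errno.EIO, "Input/output error")
        chunk = self._data[self._pos:self._pos + n]
        self._pos += len(chunk)
        return chunk


def image_device(src, size, dst_path, log_path, sector=SECTOR, retries=2):
    """dd-style copy of `size` bytes from src into dst_path.

    A sector whose read keeps failing is written as zeros (conv=noerror,sync)
    and its number is appended to log_path; the log is flushed and fsync'ed
    after every entry so the list of bad sectors survives a crash or reboot.
    Returns the list of bad sector numbers."""
    bad = []
    nsectors = (size + sector - 1) // sector
    with open(dst_path, "wb") as dst, open(log_path, "a") as log:
        for n in range(nsectors):
            offset = n * sector
            chunk, last_err = None, None
            for _ in range(retries + 1):      # retry before giving up on a sector
                try:
                    src.seek(offset)
                    chunk = src.read(sector)
                    break
                except OSError as e:
                    last_err = e
            if chunk is None:
                bad.append(n)
                log.write("sector %d offset %d: %s\n" % (n, offset, last_err.strerror))
                log.flush()
                os.fsync(log.fileno())        # durable before we move on
                chunk = b""
            dst.write(chunk.ljust(sector, b"\x00"))  # conv=sync: pad short reads
        dst.flush()
        os.fsync(dst.fileno())
    return bad


def run_demo():
    """Image a constructed 5000-byte 'drive' with sectors 1 and 7 unreadable.
    Returns the bad-sector list, the image bytes, the log lines and the source
    data so the outcome can be checked."""
    data = (bytes(range(256)) * 20)[:5000]    # constructed sample data, ragged last sector
    src = FlakySource(data, bad_sectors={1, 7})
    tmp = tempfile.mkdtemp()
    dst = os.path.join(tmp, "disk.img")
    log = os.path.join(tmp, "dd-errors.log")   # in real use: a path on USB/NFS, not the ramdisk
    bad = image_device(src, len(data), dst, log)
    with open(dst, "rb") as f:
        image = f.read()
    with open(log) as f:
        lines = f.read().splitlines()
    return {"bad": bad, "image": image, "log_lines": lines, "data": data}


if __name__ == "__main__":
    r = run_demo()
    print("bad sectors:", r["bad"])
    print("\n".join(r["log_lines"]))
```

On a real system the equivalent is `dd if=/dev/sdX of=/mnt/usb/disk.img bs=512 conv=noerror,sync 2>&1 | tee /mnt/usb/dd.log`, with the log and image on the mounted external disk or NFS share rather than under the live CD's RAM-backed filesystem; the per-entry fsync in the example is what makes the log worth having after an unplanned reboot.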
