By Dave on February 22, 2010 · In Tech Journal
Self-recrimination is a surprisingly powerful motivator.
I wandered into the State Street Apple Store this afternoon and had a pleasant encounter with one of the Geniuses (Genii?) behind the bar. Noting my snappy, well-put-together appearance and preppy Command Prompt polo shirt, he opined that he was familiar with the brand, and had recently been perusing the website. Yes, this very site which, in a burst of synchronicity, you are now, yourself, viewing. Sends chills up the spine, no?
Anyway, it reminded me that I don't currently have a single posting on the wretched thing, and that in my position of joint supreme ruler, I should probably have one. (Actually, I did have a few posts, but they were swallowed by WordPress and are gone forever. Don't ask.)
So, Erik the State Street Genius, this post's for you. An oldie, but, I think, a goodie.
This is a rather handy little lesson on some of the neater things you can do with the command line, a dead hard drive, and an inordinate amount of time. Please note: this tip involves opening up the Terminal utility and typing a lot of commands very carefully. Check your syntax. Command Prompt LLC is in no way responsible if your computer explodes. Actually, those who know me swear I’m not responsible, period.
The underpinnings of OS X are murky, ancient UNIX foundations, and dipping into it is often an experience akin to fishing off the edge of some crumbling, dilapidated pier. Sure, you know full well what's down there, and how to bring it all up, but then you stumble across a Coelacanth or two and wonder where the hell that came from, and how you're supposed to cook the darn thing. Butter? Lemon juice? Hot sauce? Absinthe? Is it even legal? dd is probably going to be a prehistoric catch of the day to a few of you, so it's worth spending a minute or two talking about what it is and what it does.
Simply, it's a neat little program that copies standard input to standard output, and it's generally used for copying and synchronizing disks on a byte-by-byte level. Even "dead" disks — if you have the time and the inclination, it can often pull a lot of fairly useful stuff off a drive you may have given up for dead.
Here's how: First, you have to find the drive. I like to keep a couple of assorted enclosures around for putting drives into, usually a nice FireWire one for ATA and SCSI, and a bizarre, no-name brand USB2 one for SATA drives. Once you have the drive snugly in its enclosure, hook it up to your Mac, and fire up the Terminal. Type in "diskutil list" for a list of all available disks and their attendant partitions. What you're looking for is the identifier for your dead disk — it should be pretty straightforward; look for the disk that isn't one of your currently mounted disks, then identify the partition on the disk that contains the files you want to recover. Hint: it's probably the biggest one. It should follow the syntax "disk(disk number)s(partition number)".
For our example, we're going to use the second partition on the second disk, or "disk1s2". Next, you need another drive to copy everything on to. Note, it can be your main hard drive if you have enough space — we're going to create a disk image of the dead hard drive, so we don't necessarily require a whole other partition. Make sure you have enough space, though — dd will copy the whole drive, even unused space, so if you're trying to revive a 40GB hard drive, you'll need 40GB of free space to put it on to.
Open a new terminal window. I like to put the recovered stuff on my desktop, so the actual syntax (note: type it all as one very, very long string) I'd use for our disk1s2 drive would be:
dd bs=512 if=/dev/rdisk1s2 of=/Users/dave/Desktop/recovereddrive.dmg conv=noerror,sync
Here's what all that means:
dd — the command. Duh!
bs=512 — set the block size for the transfer to chunks of 512 bytes.
if=/dev/rdisk1s2 — the input file: look for the device/partition in the invisible /dev directory.
of=/Users/dave/Desktop/recovereddrive.dmg — the output file: copy everything to this new location.
conv=noerror — don't stop on any nasty bad sectors or other stumbling blocks.
sync — fill those missing spots with null data.
Hit return. And wait. A long time. dd is great for retrieving data, but it often takes days to trawl through a large drive, byte by byte. The longest I've ever had it run was a hair under three weeks on a dead 160GB drive, and I've heard of it taking up to a month for more complicated jobs. Moral of the story? OS X has a lot of very powerful UNIX tools bolted right into the OS that you'll probably never hear of, and almost certainly never need. Oh, and please, for the sake of all that's good and true, have a backup strategy.
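What conv=noerror,sync does to the finished image can be checked on an ordinary file before pointing dd at a failing disk. The script below is an added example, not code from the original post: it images a constructed 1000-byte file with the article's flags and confirms that sync pads the short final block with NULs up to a 512-byte boundary; the function names and temporary paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): run the article's dd flags against a
# constructed 1000-byte file instead of a real disk, then check the image.

# image_blocks SRC IMG: same flags as the article; dd's record counts go to IMG.log.
image_blocks() {
    dd bs=512 if="$1" of="$2" conv=noerror,sync 2>"$2.log"
}

# size_of FILE: size in bytes.
size_of() { wc -c <"$1" | tr -d ' '; }

# padded_size BYTES: conv=sync pads the final short block, so round up to 512.
padded_size() { echo $(( ($1 + 511) / 512 * 512 )); }

# sha256_of FILE: use sha256sum (Linux) or shasum (macOS), whichever exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_image SRC IMG: succeed only if IMG is block-aligned and starts with SRC.
verify_image() {
    src_bytes=$(size_of "$1")
    [ "$(size_of "$2")" -eq "$(padded_size "$src_bytes")" ] || return 1
    # Bytes after src_bytes are NUL padding added by sync, so compare the prefix only.
    head -c "$src_bytes" "$2" | cmp -s - "$1"
}

# demo: build the constructed source, image it, and print what to write down.
demo() {
    work=$(mktemp -d) || return 1
    awk 'BEGIN { for (i = 0; i < 1000; i++) printf "A" }' >"$work/source.bin"
    image_blocks "$work/source.bin" "$work/recovered.dmg" || return 1
    verify_image "$work/source.bin" "$work/recovered.dmg" || return 1
    echo "source bytes: $(size_of "$work/source.bin")"
    echo "image bytes:  $(size_of "$work/recovered.dmg")"
    echo "image sha256: $(sha256_of "$work/recovered.dmg")"
    rm -rf "$work"
}

demo
```

Recording the SHA-256 of the finished image lets you confirm later that any recovery tools were run against an unmodified copy.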