Dear Friends
I have got a hard disk and as per customer disk was giving error while accessing.Customer has recovered data from 2 out of 3 drives but was unable to recover from one partition.
I have run almost all utilities though they found large no. of files nothing appears in folder tree struture (only raw data)
Here is full scan log of dmde. Can someone pls. analyze the same to find exact technical issue ?
I have also sent it to dmitry but there is no reply from him.
Thank you.
https://drive.google.com/file/d/1sijYuo ... sp=sharing

I could be wrong and perhaps Dmitry can get something useful out of it, but I always took the primary function of the log as sort of a state-file DMDE itself can use to load a previous recovery. Assuming NTFS, there's various tools in DMDE that can help narrow down a file system but you'd nee to use these hands-on.

Maybe first tell how the data was lost in the first place. Was the drive imaged, IOW are we working with the clone/ disk image? If some bad sectors issues or similar, after imaging the drive, 9 out of 10 times you can extract data using DMDE by simply selecting the partition and click 'open volume'. In case of full scan often the tree can be cleared up by clicking All found / virtual FS and select pure FS.

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service

Thanks Arch
Yes patient was cloned using hardware imager. Customers IT engineer might not tell actually what has happened as usual.
I suspect system restore might have happened . Often if partitions are shrinked and OS partition formatted and new OS installed , virtual logical drives are lost and nothing is get recovered (I think actual physical MBR might not be created as it is done whithin windows ).Also if required D drive was having bitlocker or any other encryption and is formatted then again nothing may get recovered.
This disk was scanned using DMDE professional version 4.06. As per Dmitry full scan is most advanced option for using dmde.
But I have noted various special functions you have highlighed .I am unable to intrepret dmde log so just put this post.
Thanks a lot.

I don't have much to add. Usually NTFS is fairly straight forward, you have a numbered array of entries, most of these pointing to files/clusters allocated to files. Since it's cluster numbers / ranges pointed to there's few things a file recovery tool has to get right, being offset to cluster 0 and cluster size. And of course we need finding MFT entries themselves. Not just any, but chunks of MFT entries with ascending entry numbers that make sense in relation to a file system.

After full scan DMDE can show you all MFT chunks it found for selected volume, click All Found / Virtual FS > advanced TAB > Volume FS fragments. --/++ in previous TAB controls number of MFT entries included, so ++ all the way should show each and every MFT entry. Most likely this will include BS too, think for example virtual drive containers, or remains of a previous file system.



This may be your biggest issue. Context is key and context is often what we need to make some sense of what we see or do not see. As sort of a last resort I sometimes resort to simply scan the drive for possible partition starts and simply 'open' those to see what it gives, in case scenario was unknow, previous partitioning was unknown etc.. Some times you get lucky. Like this I mean: https://youtu.be/5RClVfg-uOk

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service

Hi Arch Thanks.
Since MFT's are not accessible , data recovery might not be possible. I have given up & informed customer that full decryption is the only way.
Thanks