Recovering NTFS Partition with backup Sector
April 5th, 2015, 13:43
Hi all,
This is Western Digital Element Disk 1TB disk, perform head swap and image disk completely to another disk without any problem.
Strange is that after image is completed could't find the Partition with any software even.
i have attached images of following sectors;
Sector 0
Last sector
NTFS backup sector
can anybody please through some light ?
i appreciate help.
This is Western Digital Element Disk 1TB disk, perform head swap and image disk completely to another disk without any problem.
Strange is that after image is completed could't find the Partition with any software even.
i have attached images of following sectors;
Sector 0
Last sector
NTFS backup sector
can anybody please through some light ?
i appreciate help.
- Attachments
-
-
-
Re: Recovering NTFS Partition with backup Sector
April 5th, 2015, 16:20
There is no partition table in sector 0, so it appears that the user has initialised the drive.
The EFI PART sector should have a copy at sector 1. Its structure appears to be correct. The max LBA of 0x74706DAF corresponds to a 1TB drive. That said, the drive would have been initially partitioned in MBR mode, not GPT. In fact, why is GPT necessary at all? ISTM that the user has probably messed up the file system.
The NTFS boot sector contains Windows XP boot code:
http://thestarman.pcministry.com/asm/mb ... rHexEd.htm
The BIOS Parameter Block is indicating 63 sectors per track, 255 heads, 512 bytes per sector, starting sector 63, 8 sectors per cluster. The size of the NTFS volume is 0x74705981 sectors, ie 1TB.
http://thestarman.pcministry.com/asm/mbr/NTFSBR.htm
This means that the backup boot sector corresponds to the original MBR partition and the original NTFS volume at sector 63. I would attempt to mount the volume with DMDE (a freeware disc editor) by clicking on the backup boot sector in DMDE's partitions window. I would also examine sector 63 and beyond.
The following resource explains the structures of the various sectors:
http://thestarman.pcministry.com/asm/mbr/index.html
The EFI PART sector should have a copy at sector 1. Its structure appears to be correct. The max LBA of 0x74706DAF corresponds to a 1TB drive. That said, the drive would have been initially partitioned in MBR mode, not GPT. In fact, why is GPT necessary at all? ISTM that the user has probably messed up the file system.
The NTFS boot sector contains Windows XP boot code:
http://thestarman.pcministry.com/asm/mb ... rHexEd.htm
The BIOS Parameter Block is indicating 63 sectors per track, 255 heads, 512 bytes per sector, starting sector 63, 8 sectors per cluster. The size of the NTFS volume is 0x74705981 sectors, ie 1TB.
http://thestarman.pcministry.com/asm/mbr/NTFSBR.htm
This means that the backup boot sector corresponds to the original MBR partition and the original NTFS volume at sector 63. I would attempt to mount the volume with DMDE (a freeware disc editor) by clicking on the backup boot sector in DMDE's partitions window. I would also examine sector 63 and beyond.
The following resource explains the structures of the various sectors:
http://thestarman.pcministry.com/asm/mbr/index.html
Re: Recovering NTFS Partition with backup Sector
April 6th, 2015, 7:21
@fzabkar
thank you for answering, it really helps and explain alot.
sector 63 and beyond are zero's only till sector 251200 (approx) this is where data started.
i will do more digging and post the results here.
thank you for answering, it really helps and explain alot.
sector 63 and beyond are zero's only till sector 251200 (approx) this is where data started.
i will do more digging and post the results here.
Re: Recovering NTFS Partition with backup Sector
April 10th, 2015, 5:21
What is at sector 6291519 ?
Re: Recovering NTFS Partition with backup Sector
April 10th, 2015, 5:48
sector 6291519 is MFT start sector till 6291590, but it seems to be small in size keeping in view the total data customer claim is about 600GB.
- Attachments
-
Powered by phpBB © phpBB Group.