Posts Tagged ‘command-line’

PC ER: How-To Recover Photos/Videos/Data from a Damaged SD Card

Monday, January 5th, 2009

(damaged SD card with unreadable data; perhaps due to the worn down contacts?)

Situation:

2GB SD card no longer registers as ‘visible’ to the digital camera and is barely readable within the Vista OS.

Potential Loss:

~1.5GB worth of photos and videos of Hong Kong.

Diagnosis:

Download and install PhotoRec. (permanent archive)

Navigate to the ‘win‘ directory and run “photorec_win.exe” — you will be presented with a similar screen to the following:

(the PhotoRec media selection screen)

Now, on my laptop here, there are essentially two drives that PhotoRec sees: (1) the hard disk, which can be easily recognized as the larger of the two (160GB); and (2) the SD card which weighs in at an easily-discernible 2002MB (2GB). On a desktop system with many hard drives and devices plugged in, this selection screen can be a little tougher on the eyes — so be sure you are selecting the right media.

Next, PhotoRec will ask you to select the “partition table type”; for our purposes, we’re using an “Intel/PC partition.” On next screen, PhotoRec needs to know which partition you want to scan, whether it be the a specific partition, or the entire disk. The default is for it to do the largest partition, I believe, but just to be sure I instruct PhotoRec to scan the entire volume:

(the partition selection screen for PhotoRec, note the default is for the partition, and not the whole volume?)

With “[Whole disk]” selected, I do not change any options but instead hit Enter to “[Search]” and because I selected [Whole disk]; PhotoRec asks me the filesystem type, I simply select “Other” which was the default which encompasses FAT/NTFS, etc. All normal for an SD card.

Now, as a final measure, PhotoRec asks where you want to save the recovered files. This screen is confusing for most people who are not accustomed to DOS-style screens. Look through this screen slowly:

(PhotoRec asks where you want to save the files. Notice the ever so subtle [Y\N] prompt, however?)

As you can see, I launched PhotoRec directly from my downloads folder in Vista because I am not particularly concerned about the location right now. I don’t mind if it stores the files in the directory indicated in the photo, so I can just hit Y on my keyboard and let it scan the volume. However, if you did want to change directories, it would be helpful for you to know that two periods (..) in DOS syntax means “up one directory” — So, using your arrow keys, you can navigate through your directory structure in Windows to find the correct place to put your files. All the way to the right of the screen you’ll see, right near the top, two periods. Those periods let you go back all the way to the root of the drive. Also known as \ or simply the drive letter and a colon.

For my purposes, I hit the Y key and just write the files straight in the downloaded location since I will be moving them later with Windows Explorer anyway:

(PhotoRec, scanning sectors for recoverable data)

Once completed, it will indicate as such on screen. Simply close or quit from the command prompt window. Assuming you left the defaults in place as I have, the recovered data will be in one or more folders inside of the ‘win‘ directory labeled “recup_dir.*”:

(the recovered data from PhotoRec, deposited into the recup_dir.1 directory)

Scrolling through all 41 files, it appears as though that’s about everything. All photos and videos before the card became corrupt and was no longer readable by the camera or the computer. As such, I will not need to pursue further recovery methods which include but are not limited to, the following applications: (1) Stellar Phoenix Data Recovery; (2) GetDataBack; and (3) EnCase Forensic as a final measure.

Good luck.

Tags: , , , , , , ,
Posted in How-To, PC Emergency Room | 9 Comments »

DOS: Bypassing the Cyclic Redundancy Check (and other) Errors

Saturday, December 20th, 2008

I was terribly busy working on a case this week. Many of the documents in the case were scanned in .TIF (also known as TIFF, Tagged Image File Format) format. So, browsing through the documents in this manner proved terribly inefficient and I didn’t have enough time to look into third party programs that might help me look through .TIF files faster. So, my solution was simple: I would take the CD full of sequentially numbered .TIF files and create a PDF out of them.

As I begun adding blocks of .TIF files to Adobe Acrobat, near the end of the disc, in the 6000’s, Acrobat would freeze up and hang and eventually result in a crash unless I ejected the disc. My assumption, was that certain files on the disc were corrupted either due to scratches or aluminum erosion/decay (they are very old discs).

(microscopic view of the surface of a compact disc)

Of course, there is no way to tell which files are corrupted this way. So, I decided to copy the entire folder of .TIF files to my hard drive to take note of the corrupted file(s). Big mistake. As Windows XP ran into corrupted files, it would halt for a tremendously long time, and then finally return an error:

Cannot copy 00006337.tif: Data error (cyclic redundacy error)

After I press “OK” I then had to re-select all of the uncopied files, avoiding the corrupted file, and then continue. This proved futile since there were various corrupted files scattered throughout the disc. (As a side note, a couple of fantastic tools for recovering data from damaged discs that I have personally tested are: photorec and object rescue). So, this seemingly simple task of “copy usable data from disc, ignoring corrupted files” has suddenly become a big problem on Windows XP and I am seriously short on time.

Without hesitation, I opened a new command prompt. I navigated to the directory of the files on my faulty disc and typed the following command:

XCOPY *.* “C:\CASES (Sam)\Clair\FPD CDs\FPD” /C

What does *.* mean? Well, it essentially means “wildcard dot wildcard,” meaning that I am stating any file with any extension. I type this because I am too lazy to type *.TIF since it’s the same thing. If, for example, I only wanted to copy the 00006000’s, I would type “00006*.*” Simple enough.

Note how I placed my destination folder in quotations? That stems from a long history of inconsistency dating back to the early DOS days when you had a 8 character limit. That was eventually extended in Windows95 which allowed for shortcuts for long directories in DOS like “C:\PROGRA~1″ for “Program Files.” Putting quotation marks prevents (prevented?) DOS from interpreting a space as an end to your command.

Now, for the flag: /C. Doing a /? on XCOPY indicates:

/C           Continues copying even if errors occur.

Exactly what I was looking for, right? Right there, in DOS, built right in. All you need to know is where to look to save lots and lots of time. After executing the command, it worked flawlessly without the need for any further user intervention:

(simple xcopy solution for bypassing erroneous data)

Hopefully you won’t have to put this technique to use, but if you do, it’s nice to know you have the right resources and knowledge at your disposal should you need them.

Questions? As always, e-mail:

See also: Vista’s robocopy

Tags: , , , , , , , , , , , ,
Posted in Feature Focus, How-To | 1 Comment »

Why I Still Use DOS

Thursday, November 27th, 2008

For some of you, the thought of DOS probably brings back horrifying memories of things like IRQ conflicts, MSCDEX, the config.sys, himem.sys, etc. Those days are over, but the best aspects of DOS remain a part of Windows, fortunately.

Knowledge of DOS has been critical to my geeky endeavors over the last dozen or so years. Back in the nineties, as the GUI became pervasive and people seemed to have completely forgotten the command-line altogether, I continued to use it for a wide range of tasks. Yes, part of the reason I haven’t “let go” of DOS is in part nostalgic. The other part is that it has in fact been and remains very useful. Especially in troubleshooting and fixing low level problems that can’t be solved any other way.

So, you’re wondering what I could possibly have used DOS to accomplish? These days, for most things DOS can do, there is usually a free or paid application for Windows that does the same thing a little easier. Thing is, knowing how to do various tasks in DOS can help you repair Windows and perform a whole host of other tasks a lot quicker and often more efficiently than installing a bunch of different programs.

As a visual effects artist, I usually render out very large .tga sequences. From time to time, somebody will set the render options incorrectly and I will end up with a bunch of files that are missing an extension. So, if I called the sequence WalkSequence[####], the extension will be missing from some mistake in the render options. I could download a program that will automatically rename large groups of files for me, like the Bulk Rename Utility (direct download, x86, x64); or winautomation which is not freeware. You could also highlight all the files in Explorer and hit F2, rename the first file and then hit enter, however I don’t prefer this method.

What I do, is just use the DOS command REN or RENAME. With any DOS command, to learn the parameters and flags, just type the command and then /? after it. So, for REN, we’d type it like this:

REN /?

So, let’s say I had 1,000 files missing an extension. I’d type REN then the first filename followed by a wildcard (an asterisk in DOS) to indicate anything after then the new filename, and with the addition of the extension you want. DOS would then cycle through every single file matching the properties you defined, which is where the wildcards help. Like this:

REN WalkSequence* WalkSequence*.TGA

…which would turn your filenames into WalkSequence0001.tga and so on — and if you wanted to change .TGA to, say, .JPG, you would type it out like this:

REN WalkSequence*.TGA WalkSequence*.JPG

That’s it. When you type the command in DOS and hit enter, you won’t see any feedback, but the command will work. Some DOS commands issue feedback, some don’t.

XCOPY

Old folks don’t like launching applications like Acronis TrueImage and cwrsync. The XCOPY command has a tremendous amount of flags so it can be daunting to some folks. Don’t worry about it, as with any command, just step through the flags slowly and make it work for what you’re doing. The reason why I mention Acronis TrueImage and cwrsync, is because those are a couple of my favorite backup applications that I frequently use for law firms and computers in the home. Thing is, old folks forget to open seemingly complex programs like TrueImage and having to click buttons. They shut down the computers by accident, ruining my scheduled tasks, etc. So, my solution? XCOPY.

I need something as simple that (1) backs up the computer without any prompts whatsoever to confuse my computer illiterate clients; (2) be executed with a simple double-click; and (3) shuts down the computer when it’s all done.

XCOPY to the rescue. XCOPY allows me to do all of the above using a simple batch script. Let’s say I want to back up the Program Files directory to an external hard drive. The batch script I write would look something like this (E: is the external drive):

ECHO OFF
CLS
VERIFY ON

XCOPY C:\PROGRA~1\*.* /E /I /V /C /F /R /K /X /Y E:\

SHUTDOWN -S -C “Press ANY KEY in the COMMAND LINE WINDOW to ABORT THE SHUT DOWN PROCEDURE. Otherwise: This system WILL SHUT DOWN IN TWO MINUTES.” -T 120 -F

PAUSE
SHUTDOWN -A

Note: On Vista, the hyphen is no longer used and has been replaced with a forward slash. So, instead of SHUTDOWN -A, you’d type SHUTDOWN /A. I don’t know why Microsoft changed this.

Stepping through the flags individually, it isn’t as complex as it looks:

/E -Copies directories and subdirectories, including empty ones.

/I – If destination does not exist and copying more than one file, assumes that destination must be a directory.

/V – Verifies the size of each new file.

/C – Continues copying even if errors occur.

/F – Displays full source and destination file names while copying.

/R – Overwrites read-only files.

/K – Copies attributes. Normal Xcopy will reset read-only attributes.

/X – Copies file audit settings (implies /O).

/Y – Suppresses prompting to confirm you want to overwrite an existing destination file.

Notice how the flags, when combined, allow me to create the perfect execution of settings thereby permitting me to do exactly what I want, without any extra programs or complexities for my clients. All it takes is /?ing the commands to figure out how they work and tailoring them to your specific needs.

In future posts I will outline more specific examples of various commands and how they help me perform seemingly complex tasks in the Windows Recovery Console (such as FIXMBR, DISKPART, etc.) and others.

As always, email with questions:

Tags: , , , ,
Posted in Feature Focus, How-To | 3 Comments »