
Welcome

At Fields Associates, we specialise in the recovery of the digital “fingerprints” left by the routine use of computers. Even erased files can be recovered and examined, ensuring that you have all the evidence available to support your investigation.

Established in 1999, we have earned an impressive reputation in the detection, analysis and presentation of computer evidence in the broadest range of criminal activities. These include fraud, extortion, data theft, child pornography and Internet abuse.

Our clients include legal firms, international banks, blue chip companies, law enforcement and military organisations.

ISO Certified

Logical Data Recovery

Logical damage to a drive is much more common than physical damage. Power failures, accidental file deletion and the introduction of malicious viruses all cause logical failure, with power failure being the most common cause.

Logical data errors can occur on a fixed drive, on the dynamic memory of a device, or on floppy and zip disks. They lead to data loss or to problems with the stability of the operating system.

Symptoms of Logical Errors

  • Logical errors are identified when files, folders or, sometimes, even partitions are missing.
  • When a file contains partial or no data at all, it is a logical error.
  • Data that is available but incorrect is again an error of this type.
  • A drive that reports a negative amount of free space is showing a logical error.

Logical Data Recovery

Logical data recovery is the rebuilding of files damaged by malicious users or by viruses. Most files lost to logical errors are recoverable, because the data may be intact even though it is not accessible.

There are different methods of recovery. The method to be used depends on the nature of the error and the extent of the damage.

Recovery of Smaller Files

The recovery of smaller files is very easy if they are textual. Each cluster holds about 32 KB. A system programmer will look at the drive and move important data to another file. A 100% recovery is possible.

Files that contain graphics require an undamaged FAT for a complete recovery. Otherwise, software expertise is required to recover the file.

Large Files and Fragmentation

Normally, large files are allocated on a number of consecutive clusters, and file recovery is possible in such circumstances. Over time, however, files grow larger and become fragmented, because consecutive allocation becomes difficult once the neighbouring clusters have been occupied by other files. Highly fragmented files are difficult to locate. Their clusters might still be present on the drive, but their recovery is not possible.
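The difference between the two cases, shown on a toy volume (an added example, not part of the original article). It assumes FAT-style deletion, where the cluster chain is freed but the directory entry keeps the start cluster and size; the 4-byte clusters, file names and the `ToyFat` class are constructed for illustration.

```python
EOC = 0xFFFF   # end-of-chain marker in this toy FAT
FREE = 0
CLUSTER = 4    # bytes per cluster (tiny on purpose, so the output is readable)

class ToyFat:
    def __init__(self, n_clusters=12):
        self.fat = [FREE] * n_clusters
        self.data = [bytes(CLUSTER)] * n_clusters
        self.dir = {}  # name -> {"start": first cluster, "size": bytes}

    def write(self, name, content, clusters):
        """Store content on the given clusters, in that order, and link the chain."""
        for i, c in enumerate(clusters):
            self.data[c] = content[i * CLUSTER:(i + 1) * CLUSTER].ljust(CLUSTER, b"\0")
            self.fat[c] = clusters[i + 1] if i + 1 < len(clusters) else EOC
        self.dir[name] = {"start": clusters[0], "size": len(content)}

    def delete(self, name):
        """Free the chain; the start cluster and size survive in the directory entry."""
        c = self.dir[name]["start"]
        while c != EOC:
            nxt = self.fat[c]
            self.fat[c] = FREE
            c = nxt

    def recover(self, name):
        """Undelete heuristic: take free clusters in ascending order from the start."""
        entry = self.dir[name]
        need = -(-entry["size"] // CLUSTER)  # ceiling division
        free = [c for c in range(entry["start"], len(self.fat)) if self.fat[c] == FREE]
        return b"".join(self.data[c] for c in free[:need])[:entry["size"]]

def demo():
    vol = ToyFat()
    vol.write("A.TXT", b"contiguous!!", [2, 3, 4])     # consecutive clusters
    vol.write("KEEP.TXT", b"in use..", [6, 8])         # live neighbour file
    vol.write("C.TXT", b"fragmented!!", [5, 9, 7])     # fragmented, out of order
    vol.delete("A.TXT")
    vol.delete("C.TXT")
    return vol.recover("A.TXT"), vol.recover("C.TXT")

if __name__ == "__main__":
    print(demo())
```

Every cluster of `C.TXT` is still on the volume, but with the chain gone the order cannot be reconstructed from the directory entry alone.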

Data Recovery from Overwritten Files

Files that have been overwritten can never be recovered. An attempt at recovery can be made using a Magnetic Force Microscope (MFM), but this method is expensive and not practical. If the files have been overwritten more than once, data recovery is a complete impossibility. This is the principle file shredders work on: they rewrite the files repeatedly to erase the previous contents.

Data Recovery from Files in Bad Sectors

The process works by installing commercial imaging software on an alternate computer. This computer should have enough space on its drive to store the entire image of the bad drive. The computer should not be used during this process.

Alternatively, a slave drive can be installed on the bad computer. If an external USB drive is attached, it should be attached to the IDE ports on the motherboard. Once the imaging has been done, commercial logical data recovery packages can be run to recover the lost files.

The whole process might take from half-an-hour to a few days. It depends on the number of bad sectors on the drive.
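A sketch of what the imaging step does when it meets bad sectors (an added example, not code from the article or from any commercial imaging product). The `FlakyDisk` class, the retry count and the eight-sector payload are constructed so the example runs offline; each unreadable sector is retried, then zero-filled and logged, which is also why the run time grows with the number of bad sectors.

```python
import hashlib
import io

SECTOR = 512

class FlakyDisk:
    """Constructed stand-in for a failing drive: reads of listed sectors raise OSError."""
    def __init__(self, payload, bad):
        self.payload, self.bad = payload, set(bad)
        self.sectors = len(payload) // SECTOR

    def read_sector(self, lba):
        if lba in self.bad:
            raise OSError(5, "Input/output error")
        return self.payload[lba * SECTOR:(lba + 1) * SECTOR]

def image_disk(disk, out, retries=2):
    """Copy every sector to `out`; zero-fill unreadable ones and record their LBAs."""
    bad, digest = [], hashlib.sha256()
    for lba in range(disk.sectors):
        block = None
        for _ in range(1 + retries):       # each retry on a bad sector costs time
            try:
                block = disk.read_sector(lba)
                break
            except OSError:
                continue
        if block is None:                  # keep offsets aligned with the source drive
            block = bytes(SECTOR)
            bad.append(lba)
        out.write(block)
        digest.update(block)
    return bad, digest.hexdigest()         # bad-sector map and hash of the image

def demo():
    payload = b"".join(bytes([i]) * SECTOR for i in range(1, 9))  # 8 constructed sectors
    out = io.BytesIO()
    bad, sha = image_disk(FlakyDisk(payload, bad=[3, 6]), out)
    return bad, sha, out.getvalue()

if __name__ == "__main__":
    bad, sha, image = demo()
    print("unreadable sectors:", bad, "image sha256:", sha)
```

Recovery tools are then run against the image rather than the failing drive, and the bad-sector list shows which parts of a recovered file are zero-fill rather than original data.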

The computer should not be used before an attempt at recovery is made. Once a file is no longer protected by an entry in the FAT, the locations of the file are liable to be overwritten by fresh data. If this happens, data recovery becomes a practical impossibility.

Logical Error Repairs

Logical errors can be repaired by two techniques:

  • Consistency checking is the first method. The logical structure of the disk is checked to ensure that it conforms to specifications.
  • The second method works by rebuilding the entire file system. The entire drive is scanned, the undamaged file structure is studied, and file system structures and their possible boundaries are noted down.

Most of the logical problems can be repaired using either of these two methods.
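What a consistency check looks for, applied to a toy FAT (an added example, not part of the original article and not the logic of any particular repair tool). The table layout, file names and finding labels are constructed; clusters 0 and 1 are treated as reserved, as on real FAT volumes.

```python
EOC = 0xFFFF   # end-of-chain marker (toy FAT, not a real on-disk layout)
FREE = 0
CLUSTER = 4    # bytes per cluster

def check_fat(fat, directory):
    """Walk each file's chain and return a list of (problem, detail) findings."""
    findings, owner = [], {}
    for name, (start, size) in directory.items():
        c, length, seen = start, 0, set()
        while c != EOC:
            if not 2 <= c < len(fat) or fat[c] == FREE:
                findings.append(("broken-chain", name))   # points at free/invalid cluster
                break
            if c in seen:
                findings.append(("loop", name))
                break
            if c in owner and owner[c] != name:
                findings.append(("cross-link", f"{owner[c]}/{name}@{c}"))
                break
            seen.add(c)
            owner[c] = name
            length += 1
            c = fat[c]
        else:  # chain ended cleanly: does its length match the recorded size?
            if length != -(-size // CLUSTER):
                findings.append(("size-mismatch", name))
    # Allocated clusters that no directory entry reaches
    lost = [c for c in range(2, len(fat)) if fat[c] != FREE and c not in owner]
    if lost:
        findings.append(("lost-clusters", lost))
    return findings

def sample_volume():
    """Constructed damaged volume: one healthy file and four kinds of inconsistency."""
    fat = [FREE] * 12
    fat[2], fat[3] = 3, EOC          # GOOD.TXT
    fat[4] = EOC                     # SHORT.DAT: one cluster, but size says three
    fat[5], fat[6] = 6, EOC          # X.DOC
    fat[7] = 6                       # Y.DOC runs into X.DOC's cluster 6
    fat[8] = 11                      # BROKEN.BIN points at free cluster 11
    fat[9], fat[10] = 10, EOC        # allocated chain with no directory entry
    directory = {"GOOD.TXT": (2, 8), "SHORT.DAT": (4, 10), "X.DOC": (5, 8),
                 "Y.DOC": (7, 8), "BROKEN.BIN": (8, 8)}
    return fat, directory

if __name__ == "__main__":
    for finding in check_fat(*sample_volume()):
        print(finding)
```

The findings correspond to the symptoms listed earlier: partial files (size mismatch, broken chain), incorrect data (cross-link) and wrong free-space figures (lost clusters).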

Logical problems of a drive occur more frequently than physical damage. When such a problem occurs, data recovery is possible by using commercial imaging software. However, data recovery software cannot guarantee complete data recovery or prevention of data loss.

Some myths commonly circulating on the internet claim that a hard drive can be repaired by dropping it from a table onto a carpeted floor. Such methods should never be resorted to. When the logical damage appears to have been caused by a malicious attack, a computer forensics investigation (also referred to as digital forensics) uncovers logs of external activity on the drive.

Article: Logical Data Recovery

Created on: 2007-07-26 16:26:01