The Unix program dd is a disk copying util that you can use at the command line in order to make a disk image. It makes a bit-by-bit copy of the drive it’s copying, caring nothing about filesystem type, files, or anything else. It’s a great way to workaround the need for Norton Ghost.

Normally, in order to make a disk image, the disk you’re copying from has to be able to spin up and talk — in other words, it’s OK to make a copy if the disk is healthy. But what happens when your disk is becoming a doorstop? As long as it continues to spin, even with physical damage on the drive, dd will get you out of the fire.

A friend sent a disk to me that had hard physical errors on it. It would boot in Windows, but then it would hit one of these scratch marks and just die. We fired up dd, and it started OK, but stopped at the same physical error location — complaining about a Hard Error.

So the workaround was to designate the dd mode as noerror — which just slides over the hard stops, and to add the mode sync, which fills the image with nulls at that point.

dd bs=512 if=/dev/rXX# of=/some_dir/foo.dmg conv=noerror,sync

The bs=512 designates block size, and the if=/dev/rXX# is the UNIX path to the actual disk device. Make sure that the chosen directory (some_dir) has enough room to take the entire disk image — which will be equal to the size of the drive. Since dd doesn’t care about the contents of the drive, it copies every bit on the thing, so you get an image equal to the disk’s capacity. A really big file. One workaround is to put it on a RAID array.

Once you’ve established the disk image (in this example, foo.dmg), you’re almost home. Here’s where your Linux box is far and away the best thing to have. In this example, the dd output file is foo.dmg. You have to realize that this is an exact copy of a busted drive, but the “holes” are filled with nulls. As long as the damage isn’t to the boot sector, though, when you double-click on it, Linux mounts it without breathing hard … who cares if it’s FAT32, NTFS, whatever.

Due to the size of the image that we were copying, we put it on a RAID array, and had to access the image over the network — it still mounted fine. In straight UNIX, if you try to mount a disk image, it complains that there is “no block device” and fails. Once your image is mounted, it’s easy work to retrieve the critical files from the image — usually things like .doc files and .xls files and the lot.

Finally, since your disk is actually dying, once you have your image, you can drop it to tape or something and you’ve not only recovered your files, you’ve made a viable backup as well. Once again, that which destroys a Windows box becomes a play thing to a Linux box.