Skip navigation.
Home

Bad superblock recovery

What do you do when you receive a "bad superblock" error on a USB or other Flash drive? Well, firstly you kick yourself for not backing up important data on said drive for the past nine days; you're old enough to know better than that. Secondly, you kick yourself for using that piece of rubbish called the FAT32 filesystem which was default for Windows 95, but is what every USB drive ships with because it's the last file format released by Microsoft that actually communicates with other operating systems, despite the fact that it's as buggy as hell and is prone to disaster.

Once you've done kicking yourself you look the message. You could even try mounting the disk e.g..,


mount /dev/sdb1 /mnt: Input/output error
mount: /dev/sda1: can't read superblock

Now there's a lot of cries for help on this issue as a casual google search will indicate. However there is a way to solve this.

First, make a copy of the disk image that isn't totally broken;

ddrescue -n /dev/old_disk /directory/backupfile rescued.log

Then try to recover as much of the dicey areas as possible;

ddrescue -r 1 /dev/old_disk /directory/backupfile rescued.log

Now at least you're not playing with the real thing, for what it's worth.

You could run a fsck on the disk, for what it's worth. But I found that foremost is the tool you want to use. It recovers files using their headers, footers, and data structures; which means it's isn't brilliant at finding text files because they tend not to have a header - these will often be buried in an .exe file or similar.

The basic command to run is;

foremost -av backupfile

It won't run quickly and you will end up with a lot of files; including many backups of previous work, jpegs and the like extracted from PDFs etc. You will also want to run a grep over the directory to find out where your text files are e.g.,


cd output
grep linux * -R

Perhaps not so surprisingly for something used in law enforcement computer forensics and developed by the United States Air Force Office of Special Investigations, it'll probably find almost everything from your corrupted disk.