If you have ever wondered about the power of a simple command-line tool for data recovery, please read on. The Linux dd command is one of the most powerful utilities and can be used in a variety of ways. This tool is mainly used for copying and converting data, hence it stands for data duplicator. Wildfire Data Recovery will take you through some great ways in which you can use this command to perform powerful data rescue measures. What can this tool be used for?
Backing up and restoring an entire hard drive or a partition.
Creating virtual filesystems and backup images of CDs or DVDs, called ISO files.
Copying regions of raw device files, such as backing up the MBR (master boot record).
Plus much more; read on.
WARNING: Only the superuser can execute this command. Be very careful while using it, as improper usage may cause huge data loss. For that reason, some people consider this tool a data destroyer.
Linux DD Command - Example for Data Recovery
Syntax of DD command:
The Linux DD command is a powerful example of a data recovery tool that comes built into the OS. The basic use of the dd command is rather easy because it takes just two arguments: if= to specify the input file and of= to specify the output file. The arguments to those options can be either files or block devices. I would, however, not recommend using dd to copy files because cp does that in a much simpler way. However, you can use it to clone a hard disk.
The syntax is:
dd if=<source file name> of=<target file name> [Options]
We will learn various options while going through dd command examples.
1. Backing up and restoring an entire disk or a partition
It is possible to save all the data from an entire disk or partition to another disk or partition. This is not a simple file copy as with the cp command, but a block-by-block copy.
a. Backup entire disk to disk - Linux dd:
You can copy all the data (entire disk) from the disk /dev/sda to /dev/sdb. dd doesn’t know anything about the filesystem or partitions; it will just copy everything from /dev/sda to /dev/sdb. You need to indicate the block size to be copied at a time with the bs option. So, this will clone the disk with the same data on the same partition. For example:
# dd if=/dev/sda of=/dev/sdb bs=4096 conv=noerror,sync
97281+0 records in
97280+0 records out
99614720 bytes (100 MB) copied, 2.75838 s, 36.1 MB/s
This works only if the second device is as large as or larger than the first. Otherwise, you get truncated and worthless partitions on the second one. Here, if stands for the input file, of stands for the output file and bs stands for the block size (number of bytes to read/write at a time).
Make sure you use block sizes in multiples of 1024 bytes, which is equal to 1 KB. If you don't specify a block size, dd uses a default block size of 512 bytes. The conv parameter value noerror allows the tool to continue copying the data even if it encounters errors. The sync option allows the use of synchronized I/O.
b. Creating dd disk image (file image):
You can create an image of a disk or a file image. Backing up a disk to an image will be faster than copying the exact data. Also, a disk image makes restoration much easier.
# dd if=/dev/sda of=/tmp/sdadisk.img
You can store the output file where you want but you have to give a filename ending with .img extension as above. Instead of /tmp/sdadisk.img, you could store it for example at /sdadisk.img if you want.
c. Backup a partition or clone one partition to another:
Instead of an entire disk, you can back up just a single partition. You just need to indicate the partition name in the input file as below:
# dd if=/dev/sda1 of=/dev/sdb1 bs=4096 conv=noerror,sync
This will synchronize the partition /dev/sda1 to /dev/sdb1. You must verify that /dev/sdb1 is larger than /dev/sda1. Or you can create a partition image as below:
# dd if=/dev/sda1 of=/tmp/sda1.img
d. Restoring a disk or a partition image:
Saving a disk or a partition makes it possible to restore all the data if there is any problem with the original drive. To restore, swap the input file and the output file used during the backup operation, as below.
# dd if=/tmp/sdadisk.img of=/dev/sda
You will retrieve the data that was present before the backup operation, not data written after it.
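A size check before the clone and a hash comparison after it, as an added example that is not part of the original article. Regular files stand in for /dev/sda and /dev/sdb so it runs without root; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed, file-backed stand-ins for the source and target disks.

size_of() {
    # Regular files only; for a real block device use: blockdev --getsize64 DEV
    wc -c < "$1" | tr -d ' '
}

hash_first() {
    # SHA-256 of the first $2 bytes of $1
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

clone_verified() {
    # Refuse a target smaller than the source, clone, then compare hashes.
    src=$1 dst=$2
    src_size=$(size_of "$src")
    dst_size=$(size_of "$dst")
    if [ "$dst_size" -lt "$src_size" ]; then
        echo "refusing: $dst ($dst_size bytes) is smaller than $src ($src_size bytes)" >&2
        return 2
    fi
    # conv=notrunc keeps a file-backed target at its full size, like a device
    dd if="$src" of="$dst" bs=4096 conv=notrunc 2>/dev/null || return 1
    # The target may be larger, so hash only the bytes that were cloned
    [ "$(hash_first "$src" "$src_size")" = "$(hash_first "$dst" "$src_size")" ]
}

demo_clone() {
    work=$(mktemp -d) || return 1
    # Constructed sample "disks": 1 MiB source, 2 MiB and 512 KiB targets
    dd if=/dev/urandom of="$work/src.img" bs=4096 count=256 2>/dev/null
    dd if=/dev/zero of="$work/big.img" bs=4096 count=512 2>/dev/null
    dd if=/dev/zero of="$work/small.img" bs=4096 count=128 2>/dev/null
    big=0; clone_verified "$work/src.img" "$work/big.img" || big=$?
    small=0; clone_verified "$work/src.img" "$work/small.img" 2>/dev/null || small=$?
    rm -rf "$work"
    echo "$big $small"   # exit status for the large target, then the small one
}
```

The same hash comparison applies to an image file such as /tmp/sdadisk.img: hash the source device and the image, and keep the digest with the backup so a later restore can be checked against it.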
2. Creating virtual filesystem/Backup images of CD or DVDs as iso files
You may need to create a virtual filesystem on Linux for the same reasons as creating a virtual machine on your Linux host. You may also need to create a backup ISO image of a CD or DVD.
a. Creating a virtual filesystem:
A virtual filesystem is a filesystem that exists in a file, which in turn exists on a physical disk. You may need one to create, for example, additional swap space, a loop device or a virtual machine. We need /dev/zero, a special file that lets us create a file with no data but with the required size (a file with all zeros). In other words, this will create a data file filled with zeros, which gives the file its size.
# dd if=/dev/zero of=/file bs=1024K count=500
500+0 records in
500+0 records out
524288000 bytes (524 MB) copied, 1.21755 s, 431 MB/s
The count option refers to the number of input blocks to be copied. Combined with the block size value, it indicates the total size to copy. For example, bs=1024K and count=500 give a size of 1024K * 500 = 524288000 bytes = 524 MB.
Now let's check the size of our file
# ls -lh /file
-rw-r--r-- 1 root root 500M May 17 18:57 /file
You can see that we have our virtual filesystem created with the size indicated. You can now use it to create a loop device, a virtual disk or anything else.
3. Backing up and restoring MBR
The GRUB bootloader is most commonly stored in the MBR of the bootable drive. The MBR makes up the first 512 bytes of the disk, allowing up to 446 bytes of storage for the bootloader. The remaining space is used to store the partition table for that drive. If the MBR gets corrupted, we will not be able to boot into Linux.
a. Backing up MBR
Because the MBR makes up the first 512 bytes of the disk, we just need to copy a block of that size:
# dd if=/dev/sda of=/tmp/sdambr.img bs=512 count=1
With the count=1 and bs=512, only 512 bytes will be copied which corresponds to the size of our MBR.
You can display the saved MBR with the od command which dumps files in octal and other formats as below:
# od -xa /tmp/sdambr.img
0000000 bf52 81f4 8b66 832d 087d 0f00 e284 8000
R ? t soh f vt - etx } bs nul si eot b nul nul
0000020 ff7c 7400 6646 1d8b 8b66 044d 3166 b0c0
| del nul t F f vt gs f vt M eot f 1 @ 0
The -a option selects named characters and -x selects hexadecimal 2-byte units.
b. Backing up the boot data of MBR excluding the partition table
The 512 bytes of MBR data are located in the first sector of the hard disk. They consist of a 446-byte bootstrap, a 64-byte partition table and a 2-byte signature. This means we can exclude the partition table and the signature while backing up the MBR by copying only a block equal to the bootstrap size.
# dd if=/dev/sda of=/tmp/sdambr2.img bs=446 count=1
c. Restoring MBR from MBR image
You can restore your MBR from the image created with the previous commands with:
# dd if=/tmp/sdambr.img of=/dev/sda
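Restoring the full 512-byte image also overwrites the partition table, while bs=446 count=1 writes only the bootstrap. The added example below (not from the original article) checks the 0x55AA signature before restoring and confirms the partition table and signature bytes are untouched; it uses a constructed MBR image and a file-backed stand-in for the disk, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed data only, no root needed, no real device touched.

mbr_signature() {
    # Last 2 bytes of the sector (offset 510); a valid MBR prints "55aa"
    dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

restore_bootstrap() {
    # Write only the 446-byte bootstrap from image $1 to target $2.
    # bs=446 count=1 stops before the partition table; conv=notrunc keeps
    # a file-backed target from being cut down to 446 bytes.
    [ "$(mbr_signature "$1")" = "55aa" ] || { echo "bad MBR image: $1" >&2; return 2; }
    dd if="$1" of="$2" bs=446 count=1 conv=notrunc 2>/dev/null
}

region_hash() {
    # SHA-256 of $3 bytes of file $1 starting at byte offset $2
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | sha256sum | cut -d' ' -f1
}

demo_mbr() {
    work=$(mktemp -d) || return 1
    # Constructed backup image: 510 random bytes + signature bytes 0x55 0xAA
    { head -c 510 /dev/urandom; printf '\125\252'; } > "$work/sdambr.img"
    # Constructed "disk": 4 KiB of different random data
    head -c 4096 /dev/urandom > "$work/disk.img"
    table_before=$(region_hash "$work/disk.img" 446 66)
    restore_bootstrap "$work/sdambr.img" "$work/disk.img" || { rm -rf "$work"; return 1; }
    table_after=$(region_hash "$work/disk.img" 446 66)
    boot_src=$(region_hash "$work/sdambr.img" 0 446)
    boot_dst=$(region_hash "$work/disk.img" 0 446)
    size=$(wc -c < "$work/disk.img" | tr -d ' ')
    rm -rf "$work"
    # Bootstrap replaced, partition table + signature unchanged, size unchanged
    [ "$table_before" = "$table_after" ] && [ "$boot_src" = "$boot_dst" ] && [ "$size" = 4096 ]
}
```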