partition recovery and lvm dd

How to use TestDisk to recover lost partition
Forum rules
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
Locked
Message
Author
androider
Posts: 2
Joined: 19 Dec 2016, 05:39

partition recovery and lvm dd

#1 Post by androider »

My partition table was overwritten. In an attempt to save data for some kind of forensic recovery, I dd'd the device that the partition was on (
dd if=/dev/blocks/dm-0
). I only realised later on that this device was actually part of a volume group, only noticing because the name of the device was dm-0. I still have access to the device, so I can try to extract another dd, if I knew a better way to backup the device

I'm not sure how to proceed, because there are a lot of complications. First, the partition table was overwritten, and there is a new one in place. Second, I'm not quite sure how the logical volumes work. I believe that the physical drives are partitioned, marking the partition as LVM type, then LVM stores a configuration describing how to mount the logical volumes, then each logical volume is formatted using an ext4 filesystem. I don't know that there is any partition available to recover, here. I've had trouble retrieving the LVM configuration because this is an embedded system (Android). Because it's Android and the backing storage is flash, I'm also not quite sure how the CHS plays into it or even how testdisk uses it.

I've figured out that selecting "No partition" allows me to search for ext4 superblocks. TestDisk finds quite a few of those but when I try to examine them, I frequently pick the wrong one and have to redo a "deep search" to find them again

Am I going about this entirely wrong?

~ # fdisk -l /dev/block/dm-0
Note: sector size is 4096 (not 512)

Disk /dev/block/dm-0: 57.5 GB, 57588281344 bytes
255 heads, 63 sectors/track, 875 cylinders
Units = cylinders of 16065 * 4096 = 65802240 bytes

Disk /dev/block/dm-0 doesn't contain a valid partition table
Attachments
testdisk no part 875.zip
(19.72 KiB) Downloaded 242 times

User avatar
cgrenier
Site Admin
Posts: 5432
Joined: 18 Feb 2012, 15:08
Location: Le Perreux Sur Marne, France
Contact:

Re: partition recovery and lvm dd

#2 Post by cgrenier »

The partition type is Linux LVM. The partition is "formated" as a LVM physical volume (PV). PV are grouped in LVM Volume Group (VG). VG are divided in Logical Volume (LV).
To fix a LVM, you need to fix PV first, next VG, next LV, next the filesystem sitting on top of the LV.
Here are some of the commands you can use: "pvck -v" on each Linux LVM partition (ie. pvck -v /dev/sda6), "pvdisplay", "vgdisplay", "lvdisplay"...

androider
Posts: 2
Joined: 19 Dec 2016, 05:39

Re: partition recovery and lvm dd

#3 Post by androider »

Thanks! I was having trouble because the system used custom tools for LVM and it was not obvious how to see the mappings on the device. I'd tried pvscan and a few other commands to try to find the LVs but couldn't, until I realised that the entire disk was encrypted. That's why nothing was working. Merci pour tous vos efforts sur cet outil!

Locked