missing partitions only shown in forensic mode as "loop"

paynor
Posts: 2
Joined: 14 Jun 2024, 21:28

#1 Post by paynor »

Situation before problem;
functioning UEFI 240GB SSD with four partitions:
-boot (around 500 MB)
-linux (around 6 GB)
-windows system (ntfs - around 130 GB)
-other data (ntfs - around 100 GB).

Problem triggered when SSD removed to do laptop repair, then laptop was rebooted with no SSD present.
This probably reset the BIOS to non UEFI mode, so on next reboot with SSD the problem arose:
No bootable partitions.
Aha. Put BIOS back in UEFI mode and rebooted.
Still no bootable partitions.

Ran TestDisk from fresh installation of ALT-Linux-recover usbdrive.
Found just two partitions on the SSD (sda), a big linux partition (bigger than the real missing) and the ntfs partition, Other data.

Changed to forensic mode.
Now 4 "loop" partitions are shown, sizes seem to be correct for the missing partitions. See the log file pasted below. What would be the procedure to recover loop0 - loop4?
------------------------------------------------------------------------------------------------------------

Fri Jun 14 22:53:05 2024
Command line: TestDisk

TestDisk 7.2, Data Recovery Utility, February 2024
Christophe GRENIER <grenier@cgsecurity.org>
https://www.cgsecurity.org
OS: Linux, kernel 6.6.32-un-def-alt1 (#1 SMP PREEMPT_DYNAMIC Sat May 25 18:20:35 UTC 2024) x86_64
Compiler: GCC 13.2
ext2fs lib: 1.46.4, ntfs lib: libntfs-3g, reiserfs lib: 0.3.0.5, ewf lib: none, curses lib: ncurses 6.3
/dev/sda: LBA, HPA, LBA48 support
/dev/sda: size 468862128 sectors
/dev/sda: user_max 468862128 sectors
/dev/sda: native_max 468862128 sectors
Warning: can't get size for Disk /dev/mapper/control - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop10 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop11 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop12 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop13 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop14 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop15 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop4 - 0 B - 0 sectors (RO), sector size=512
Warning: can't get size for Disk /dev/loop5 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop6 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop7 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop8 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop9 - 0 B - 0 sectors, sector size=512
Hard disk list
Disk /dev/sda - 240 GB / 223 GiB - CHS 29185 255 63, sector size=512 - KINGSTON SA400S3, FW:T1.3
Disk /dev/sdb - 3911 MB / 3730 MiB - CHS 1018 121 62, sector size=512 - STORE N GO, FW:2.00
Disk /dev/loop0 - 570 MB / 544 MiB - 1114936 sectors (RO), sector size=512
Disk /dev/loop1 - 6127 KB / 5984 KiB - 11968 sectors (RO), sector size=512
Disk /dev/loop2 - 134 GB / 125 GiB - 263329792 sectors (RO), sector size=512
Disk /dev/loop3 - 105 GB / 98 GiB - 205529088 sectors (RO), sector size=512

Partition table type (auto): None
Media is opened in read-only.
Disk /dev/loop2 - 134 GB / 125 GiB (RO)
Partition table type: Intel

Analyse Disk /dev/loop2 - 134 GB / 125 GiB - 263329792 sectors (RO)
Geometry from i386 MBR: head=117 sector=51
BAD_RS LBA=6579571 510
check_part_i386 1 type 70: no test
BAD_RS LBA=1953251627 453
check_part_i386 2 type 43: no test
BAD_RS LBA=225735265 450
check_part_i386 3 type 72: no test
get_geometry_from_list_part_aux head=1 nbr=6
get_geometry_from_list_part_aux head=8 nbr=1
get_geometry_from_list_part_aux head=16 nbr=1
get_geometry_from_list_part_aux head=32 nbr=1
Current partition structure:
1 * DiskSecure MB 6579571 1924427647 1917848077

Warning: Bad starting sector (CHS and LBA don't match)
2 * Sys=43 1953251627 3771827541 1818575915

Warning: Bad starting sector (CHS and LBA don't match)
3 * Sys=72 225735265 225735274 10

Warning: Bad starting sector (CHS and LBA don't match)
Only one partition must be bootable
Space conflict between the following two partitions
1 * DiskSecure MB 6579571 1924427647 1917848077
3 * Sys=72 225735265 225735274 10

search_part()
Disk /dev/loop2 - 134 GB / 125 GiB - 263329792 sectors (RO)
NTFS at 263329791/0/1
heads/cylinder 255 (NTFS) != 1 (HD)
sect/track 63 (NTFS) != 1 (HD)
filesystem size 263329785
sectors_per_cluster 8
mft_lcn 4
mftmirr_lcn 2872447
clusters_per_mft_record -10
clusters_per_index_record 1
HPFS - NTFS 7 263329791 263329785
NTFS found using backup sector, blocksize=4096, 134 GB / 125 GiB
Search for partition aborted
get_geometry_from_list_part_aux head=1 nbr=2

Results
* HPFS - NTFS 7 263329791 263329785
NTFS found using backup sector, blocksize=4096, 134 GB / 125 GiB

Hint for advanced users: dmsetup may be used if you prefer to avoid rewriting the partition table for the moment:
echo "0 263329785 linear /dev/loop2 7" | dmsetup create test0

interface_write()
1 * HPFS - NTFS 7 263329791 263329785
simulate write!

write_mbr_i386: starting...
write_all_log_i386: starting...
No extended partition

TestDisk exited normally.
recuperation
Posts: 3027
Joined: 04 Jan 2019, 09:48
Location: Hannover, Deutschland (Germany, Allemagne)

Re: missing partitions only shown in forensic mode as "loop"

#2 Post by recuperation »

paynor wrote: 15 Jun 2024, 04:29
Situation before problem;
functioning UEFI 240GB SSD with four partitions:
-boot (around 500 MB)
-linux (around 6 GB)
-windows system (ntfs - around 130 GB)
-other data (ntfs - around 100 GB).
Your lines above are a very good description of the status before your incident happened! 8-)
They are particularly helpful when verifying what TestDisk found.

Problem triggered when SSD removed to do laptop repair, then laptop was rebooted with no SSD present.
This probably reset the BIOS to non UEFI mode, so on next reboot with SSD the problem arose:
No bootable partitions.
Aha. Put BIOS back in UEFI mode and rebooted.
Still no bootable partitions.

Ran TestDisk from fresh installation of ALT-Linux-recover usbdrive.
Found just two partitions on the SSD (sda), a big linux partition (bigger than the real missing) and the ntfs partition, Other data.

Changed to forensic mode.
What is "forensic mode"? Please explain!
Now 4 "loop" partitions are shown, sizes seem to be correct for the missing partitions. See the log file pasted below. What would be the procedure to recover loop0 - loop4?
The easiest way is to follow this procedure:

https://www.cgsecurity.org/wiki/TestDisk_Step_By_Step

Checking each partition for readable content using the "p"-key. When content is discovered, mark files and folders and copy them to an external location using TestDisk.

Your current partition structure does not match your good description above at all. Furthermore, the size of some partitions as described in your partition table exceeds the available space of your Kingston SSD. Trying to look into those should fail. Using Quick Search and maybe deeper search is mandatory for you. If you fail using TestDisk you should try out other (commercial) software. PhotoRec would be the means of last resort.
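
A sanity check for the mismatch described in post #2, as an added example that is not part of the thread or of TestDisk: it parses lines copied from the log in post #1 and flags partition-table entries whose sector range does not fit inside the analysed device. The function names are made up for this example.

```python
import re

SECTOR = 512  # "sector size=512" in the log

# Sample input: lines copied from the TestDisk log in post #1.
LOG = """\
Disk /dev/loop0 - 570 MB / 544 MiB - 1114936 sectors (RO), sector size=512
Disk /dev/loop1 - 6127 KB / 5984 KiB - 11968 sectors (RO), sector size=512
Disk /dev/loop2 - 134 GB / 125 GiB - 263329792 sectors (RO), sector size=512
Disk /dev/loop3 - 105 GB / 98 GiB - 205529088 sectors (RO), sector size=512
Analyse Disk /dev/loop2 - 134 GB / 125 GiB - 263329792 sectors (RO)
 1 * DiskSecure MB 6579571 1924427647 1917848077
 2 * Sys=43 1953251627 3771827541 1818575915
 3 * Sys=72 225735265 225735274 10
"""

DISK_RE = re.compile(r"(Analyse )?Disk (/dev/\S+) - .* - (\d+) sectors")
PART_RE = re.compile(r"\s*(\d+)\s+\*?\s*(.+?)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def device_sectors(log):
    """Map each device in the log to its size in sectors."""
    hits = (DISK_RE.match(line) for line in log.splitlines())
    return {m.group(2): int(m.group(3)) for m in hits if m}

def analysed_device(log):
    """Return the device named on the 'Analyse Disk' line, or None."""
    hits = (DISK_RE.match(line) for line in log.splitlines())
    return next((m.group(2) for m in hits if m and m.group(1)), None)

def partition_entries(log):
    """Parse 'N * type start end size' rows (all values in sectors)."""
    rows = []
    for m in filter(None, map(PART_RE.match, log.splitlines())):
        num, kind, start, end, size = m.groups()
        rows.append({"num": int(num), "type": kind, "start": int(start),
                     "end": int(end), "size": int(size)})
    return rows

def implausible(entries, total_sectors):
    """Numbers of entries that leave the device or have start/end/size disagree."""
    return [e["num"] for e in entries
            if e["end"] >= total_sectors or e["size"] != e["end"] - e["start"] + 1]

if __name__ == "__main__":
    sizes = device_sectors(LOG)
    dev = analysed_device(LOG)
    for name, n in sizes.items():
        print(f"{name}: {n} sectors = {n * SECTOR} bytes")
    print(dev, "implausible entries:", implausible(partition_entries(LOG), sizes[dev]))
```

On these lines entries 1 and 2 are flagged: both end past the 263329792 sectors of /dev/loop2, and also past the 468862128 sectors the log reports for /dev/sda.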
paynor
Posts: 2
Joined: 14 Jun 2024, 21:28

Re: missing partitions only shown in forensic mode as "loop"

#3 Post by paynor »

What is "forensic mode"? Please explain!
I ran TestDisk from the ALT-linux recover bootable USB. The boot menu of ALT-linux recover gives the option of "forensic mode", which I imagine puts the SSD/HDD in read-only mode at the Linux kernel level. So that when TestDisk is subsequently run, it is prevented from writing to the damaged drive. By design, to prevent accidental worse damage.

Thanks for your suggestions. I still do not understand what the "loop0", "loop1" etc. that seem to correspond to possible partitions found mean.
recuperation
Posts: 3027
Joined: 04 Jan 2019, 09:48
Location: Hannover, Deutschland (Germany, Allemagne)

Re: missing partitions only shown in forensic mode as "loop"

#4 Post by recuperation »

https://en.wikipedia.org/wiki/Loop_device

I don't know if it is your pen drive operating system or TestDisk that is creating the loop devices.