Data Recovery and Disk Utilities Forum @R-TT

Hi everybody,

seems R-Studio does not handle correctly VHD generated by Windows Server Backup (2008 R2 tried so far).
I tried to recover a damaged VHD, but after getting wierd results I scanned a working one, and found out R-Studio does not handle it neither.
R-Studio does not recognize the virtual device ("msft virtual disk 1.0") nor the partitions.
On a working VHD with a single NTFS partition (starting at 64 KB offset) R-Studio:
- "find" about 50 partitions, all of them with wierd partition offsets like "-10 GB" (yeah, minus, it's not a typo)
- find a lot of "extra found files"
- never recover a file correctly: even when it claims so, file content is wrong (ie supposed Office document file contains executable headers)

Files are recovered correctly using "raw files" search (of course loosing filename and folder).

It seems R-Studio is able to detect the directory structure, but extracts the file content from the wrong disk sector.
Also it get confused from a 100 GB VHD which contains a 300 GB device/volume (Windows Backup does it this way. A 300 GB volume is saved to a file as big as the actual used space).

Is there a way to recover Windows Backup VHD?

Regards,
Corrado

After further investigations my findings are R-Studio does not support dynamic (virtual) hard disks.
This is the VHD format used by Windows Server Backup.

Per Microsoft specification these disks have an extra data structure called Blocks Allocation Tables (BAT) used to remap sectors. In example, sector 1,000,000 is not actually the 1,000,000th sector on disk. Instead it can be anywhere and the actual location is pointed by BAT.

Regards,
Corrado

Did you scan a attached VHD, or just a file?
Maybe this article can be helpful? Data Recovery from Virtual Hard Disk (VHD) Files.

I scanned the file, like in Scenario 2 of the document you pointed out.
If the VHD is already attached (Scenario 1) everything works fine (ie Windows handles the BAT translation).
But R-Studio fails working with a dynamic VHD file directly (I believe because it's not aware of BAT).

Also "raw file" recovery only works for "small" files (< 2 MB) because BAT blocks are usually 2 MB.
So a file bigger then 2 MB will be scattered around multiple blocks and will be not contiguous anymore.

Regards,
Corrado

You're right, R-Studio doesn't support all VHD types directly, that's why this article's was written.

Actually the article does not says "some VHD formats are not supported".
That's why this post was written

Please update the article or, even better, add support for dynamic VHDs to R-Studio.

Regards,
Corrado

Well, the article never ever mentions any kind of support of VHD files. It presents a trick that allows R-Studio recover files from VHD.

The article explictly says R-Studio can "open VHD files as disk images".
What it does not say is it will work 1 time out of 3.
It should work with static VHD, it will not with dynamic and differentials ones.

It's not clear what are you trying to do here.
Denying the evidence?
Upset a customer?

Well, the latter is workng.

Regards,
Corrado

Frankly speaking, I'm merely trying to explain what R-Studio can and cannot do. I really sorry if I upset you.