[d8apzl]

The image completed. Successfully? I cannot be positive it is an exact image because there were several errors that occurred before DRDD finished. However, DRDD did complete w/ errors.
25GB +/- 1GB was written to the image with DRDD.

Quote

The main $MFT should start at:
206848+786432*8=6498304
And it's Mirror at:
206848+61035263*8=488488952

The sectors do not match, see attachment.

This post has been edited by d8apzl: 20 July 2012 - 07:52 AM

[jaclaz]

d8apzl, on 20 July 2012 - 07:37 AM, said:

The sectors do not match, see attachment.

Hmmm.
One of the sectors is all 00's that may mean almost anything including the effect of the same thing that wrote B702 that could have wiped it, but the other one does contain some binary data (though not a $MFT mirror) it is unprobable that the whatever happened wiped one sector and wrote garbage to it's mirror.
It is much more likely that we are going to a wrong address.

Could it be that the first "100 Mb" partition is an artifact (of some kind) created by any of your previous attempts?

If this is the case, than logically there was before a "single" partition and then it would have started at the "default" (for Vista ) 2048.
Try again with sectors:
$MFT:
2048+786432*8=6293504
And it's Mirror at:
2048+61035263*8=488284152

Otherwise, a good idea could be to open with Tiny Hexer the disk, goto sector 6280000 then Edit->Find/Replace->input "FILE0" (please note that tis is CaSeSeNsItIvE), make sure that you have Text mode checked and "Dos 8 bits", then click on the "Find" button, at the prompt click on "Yes to all".

This might be a very looong step before you get a "hit".
Compare with this thread:
http://www.msfn.org/...-after-bsy-fix/

jaclaz

This post has been edited by jaclaz: 20 July 2012 - 08:08 AM

[d8apzl]

jaclaz, on 20 July 2012 - 08:07 AM, said:

d8apzl, on 20 July 2012 - 07:37 AM, said:

The sectors do not match, see attachment.

Could it be that the first "100 Mb" partition is an artifact (of some kind) created by any of your previous attempts?

Yes, the 100MB looks like a Win7 PE partition when I tried BOOTREC w/o success w/ Win7.

Quote

Otherwise, a good idea could be to open with Tiny Hexer the disk, goto sector 6280000 then Edit->Find/Replace->input "FILE0" (please note that tis is CaSeSeNsItIvE), make sure that you have Text mode checked and "Dos 8 bits", then click on the "Find" button, at the prompt click on "Yes to all".

I followed the instructions you specified. It doesn't look good. No 'FILE0' found and I received an I/O error.

Also, I noticed when I plugged the HDD back in to the XP to do all the work, the HDD light on my HD enclosure is constantly lit up. Could this be causing the I/O errors?

I would really hate to tell my cousins gf her drive is toast, but it looks like it's completely corrupt. What do you think?
see attached .bin files and screenshot.


EDIT: At this point, if I can read the files and transfer to a different drive it would be ok. If she set a pw the files may be inaccessible because of permission issues, yes?
When I ran a recovery program after trying the BOOTREC, it saved all the RAW files (11.9GB) by type,: FILE001.bmp; FILE002.bmp, etc.. but they are not accessible whatsoever, meaning you can open them and some have different file sizes but nothing shows up.

This post has been edited by d8apzl: 23 July 2012 - 06:01 PM

[jaclaz]

d8apzl, on 20 July 2012 - 06:38 PM, said:

I followed the instructions you specified. It doesn't look good. No 'FILE0' found and I received an I/O error.

Also, I noticed when I plugged the HDD back in to the XP to do all the work, the HDD light on my HD enclosure is constantly lit up. Could this be causing the I/O errors?

I would really hate to tell my cousins gf her drive is toast, but it looks like it's completely corrupt. What do you think?
see attached .bin files and screenshot.
error_1117.PNG

EDIT: At this point, if I can read the files and transfer to a different drive it would be ok. If she set a pw the files may be inaccessible because of permission issues, yes?
When I ran a recovery program after trying the BOOTREC, it saved all the RAW files (11.9GB) by type,: FILE001.bmp; FILE002.bmp, etc.. but they are not accessible whatsoever, meaning you can open them and some have different file sizes but nothing shows up.
files.png

I would be less pessimistic than you are, in the sense that from the few sectors you posted I don't have the feeling of a "toasted" disk, sure it may have had a few bad sectors but since the datarescuedd thing got to the end of the disk, it should be substantially "sound".
It seems to me like more probable that most of the "damages" have been made (for *any* reason) by the failed attempts at recovery, this is actually the reason why one should always - unless he/she is 100% sure that it is a trivial thing and he/she is positive that it can be solved with little effort - image the disk first thing, as in case of issues there is always a "way back".

I am not (yet) convinced that "everything" is lost.

You are now mentioning "password", I sincerely hope that you don't mean - by any chance - that the volume was encrypted .

I think I am missing something , a $MFT is a "not so little" amount of sectors, it would be queer it has been completely wiped.
The "786432*8" is the "default" address for it, if the disk was partitioned/formatted with the "standard" tools. If it is possible that some "non-standard" tool has been used, it may be at another address.

If I get right, you have now scanned starting from sector 6293504 all the way to the end of the disk.
The settings you have in Tiny Hexer seem correct .
Try this before giving up.
Do the scan from sector 20848 up to 6293504.
Try this time for the hex characters "46494C45" (they are the same as "FILE" in text).

Also, it may help me if you could gather (from your cousin) as many details on the "story" of this disk as you can get (like which OS was there, how many parittions, if he changed something, etc, etc.) and if you would provide a (synthetic) list of the actions you attempted on the disk (again with as much detail as you can remember) before making the image with datarescuedd, including the actual name of the apps you have used, and anything that you can remember about what they did or how they behaved.

Also, you should check the USB enclosure, it is possible that the "always lit" is the symptom of a problem .

But you can do the scan on the image, now that you have it .
Instead of File->Disk->Open Drive use File->Disk->Open disk image or large file as drive....

jaclaz

This post has been edited by jaclaz: 21 July 2012 - 02:44 AM

[d8apzl]

Quote

I am not (yet) convinced that "everything" is lost.

You are certainly optimistic. When I did the search for "46494C45" from 20848 I do notice that there is a lot of data there so the backup (& drive) still holds data.

Quote

Also, you should check the USB enclosure, it is possible that the "always lit" is the symptom of a problem .

I rebooted the XP and when it came back, the lit hdd light had stopped. After I opened the drive in drdd, the lit light was constant again. I rebooted again, it's fine now.

Quote

Also, it may help me if you could gather (from your cousin) as many details on the "story" of this disk as you can get (like which OS was there, how many parittions, if he changed something, etc, etc.)

She cannot recall all that much, and at this point she said, all she cares about is the photos on the drive.
I can tell you the OS was always the Vista that came w/ the laptop. Microsoft Windows Vista Home Premium 64-bit Edition. Very sorry, I didn't think it was 64-bit, I thought it was 32-bit.
She also said that one day it just stopped working probably due to the laptop overheating, she cannot be sure if there was a virus or not, the drive was probably not encrypted unless it was a default setting. It should've been a standard Vista OS as a single partition, unless HP had a hidden recovery partition.

Quote

and if you would provide a (synthetic) list of the actions you attempted on the disk (again with as much detail as you can remember) before making the image with datarescuedd, including the actual name of the apps you have used, and anything that you can remember about what they did or how they behaved.

Again, I'm very sorry. I did try a few things w/o success before I posted here.

Tried Bootrec commands from Win7 w/ failing disk as enclosure..
- /fixmbr /fixboot, but this must have been run on the PE partition because I could not access the single partition w/ Vista OS on it.

Next, I tried the Vista PE w/ the failing drive in the laptop
- /fixmbr /fixboot, also on the PE partition because I couldn't access the OS partition.

Next I tried a few apps w/o success like MbrFix, EasyBCD, Stellar Phoenix Windows Data Recovery - Home, EASEUS Data Recovery Wizard Professional 4.0.1, Kernel for Windows Data Recovery.

MbrFix
MbrFix /drive <num> fixmbr /vista

EasyBCD
I tried the BCD Backup/Repair w/o success

I even tried am ubuntu LiveCD to access and restore the boot record but I couldn't download the MS-SYS program to do anything so I scraped the idea.
http://www.ehow.com/...mbr-ubuntu.html

Please do not be upset, I know I s*ck because I didn't know how to make a backup of the drive before using these tools. This is when I saw your posts on msfn.org and decided to post here. Thank you for all your help w/ this and for not giving up.

The backup is still scanning at 203000

EDIT: found boot sectors?!?

This post has been edited by d8apzl: 27 July 2012 - 05:03 PM

[jaclaz]

d8apzl, on 21 July 2012 - 11:08 AM, said:

The backup is still scanning at 203000

EDIT: found boot sectors?!?
bootsector_questionmark.PNG

My bad , I was not clear enough.
You are now searching for a "hex string", so you need to DE-select the "Find text" checkbox.
Sorry for the misunderstanding , you'll need to redo starting from 20848 .

At first sight the only thing that may have caused a serious data corruption is the Windows 7 bootrec command (I am not familiar with it, but - as a general rule - never use a tool designed to recover a given OS or another OS), but this does not yet explains the kind of issue you are having.

If all the thing that needs to be recovered are the photos, you may ( if nothing works) still try Photorec, but from what you posted about the "poor" quality of the recovered files by the other application, I cannot swear that it could be any better for a "file recovery" approach.

HP normally does use a recovery partition, but cannot say right now if this could have influenced anything, I mean that partition, if it was before the "mian" one would probably have been bigger than the current stoopid WIndows 7 partition, so the $MFT should have been at the most "after" the calculated addresses.
If there was a HP recovery partition and it was before the main partiton and it was less than 100 MB, then the addresses calculated woould be wrong.
Let's see what happens with the search.....

jaclaz

This post has been edited by jaclaz: 21 July 2012 - 11:47 AM

[d8apzl]

this looks like a false positive I will keep searching.




she did mention that there could've been XP on it then Vista was loaded on top of that, but she said that it could've been a different laptop she was thinking of so I just dismissed it.

This post has been edited by d8apzl: 23 July 2012 - 06:01 PM

[jaclaz]

d8apzl, on 21 July 2012 - 11:58 AM, said:

this looks like a false positive I will keep searching.

Yes, that is the problem when searchig for "FILE" or "46494C45".
On second thought, you could change the hex string to "46494C4530" (same as "FILE0"), it would avoid false positives.
If you get t the "right" sector, the string "FILE0" will be, see the mentioned thread:
http://www.msfn.org/...ix/page__st__15
in the top row of the viewed sector.

jaclaz

[d8apzl]

would this be it?!

[jaclaz]

d8apzl, on 21 July 2012 - 01:37 PM, said:

would this be it?!
FILE0.PNG

NO.

jaclaz, on 21 July 2012 - 12:32 PM, said:

If you get t the "right" sector, the string "FILE0" will be, see the mentioned thread:
http://www.msfn.org/...ix/page__st__15
in the top row of the viewed sector.

but anyway jolt down the number of sectors where you find a hit.

jaclaz

[d8apzl]

http://www.msfn.org/...ix/page__st__15I went over my upload quota, didn't realize
here are my findings so far.. 454000 and going w/ data

'FILE0' somewhere in the middle of '0123456789ABCDED' unless specified

SECTOR 62591

SECTOR 62597

SECTOR 62603

SECTOR 62606

SECTOR 62614

SECTOR 62618

SECTOR 62675

SECTOR 62703

SECTOR 62706

SECTOR 62730

SECTOR 62781

SECTOR 62806

SECTOR 62879

SECTOR 62909

SECTOR 62959

SECTOR 62990

SECTOR 63194

SECTOR 63198

SECTOR 63226

SECTOR 63236

SECTOR 63260

SECTOR 63274

SECTOR 63301

SECTOR 63303 (very bottom)

SECTOR 63318

SECTOR 63345

SECTOR 63376

SECTOR 63379

SECTOR 63394

SECTOR 63406

SECTOR 63456

SECTOR 63468

SECTOR 63492

SECTOR 63505

SECTOR 63532

SECTOR 63535

SECTOR 63350 (top but not 1st on left)

SECTOR 63565

SECTOR 63601

SECTOR 63612 (bottom 1st)

SECTOR 63638

SECTOR 63651

SECTOR 63678

SECTOR 63681

SECTOR 63695

SECTOR 63715

SECTOR 63760

SECTOR 63771

SECTOR 63795

SECTOR 63808

SECTOR 63836

SECTOR 63838

SECTOR 63853

SECTOR 63870

SECTOR 63964

SECTOR 63995

SECTOR 63998

SECTOR 64023

SECTOR 64061

SECTOR 64073

SECTOR 64097

SECTOR 64110

SECTOR 64137

SECTOR 64140

SECTOR 64154

SECTOR 64169

SECTOR 64305

SECTOR 64332

SECTOR 64335

SECTOR 64359

SECTOR 64497

SECTOR 64522

SECTOR 64610 (top but not 1st on left)

SECTOR 64616

SECTOR 64650

SECTOR 64652

SECTOR 64676

SECTOR 64689

SECTOR 64716

SECTOR 64719

SECTOR 64734

SECTOR 64750

SECTOR 64784

SECTOR 64800

SECTOR 64824

SECTOR 64837

SECTOR 64864

SECTOR 64867

SECTOR 64882

SECTOR 64898

SECTOR 64964

SECTOR 64989

SECTOR 65183

SECTOR 65188

SECTOR 65219

SECTOR 65222

SECTOR 65245

SECTOR 65258

SECTOR 65286

SECTOR 65293

SECTOR 65308

SECTOR 65323

SECTOR 65359

SECTOR 65366

SECTOR 65395

SECTOR 65412

SECTOR 65440

SECTOR 65443

SECTOR 65468

SECTOR 65487

SECTOR 65538

SECTOR 65562

SECTOR 65602

SECTOR 65632

SECTOR 65635

SECTOR 65650

SECTOR 65700

SECTOR 65725

SECTOR 66035

SECTOR 66061

SECTOR 70312 (BINGO!?) took screenshot (top left)

SECTOR 70314 (BINGO?!) took screenshot (top left)

SECTOR 70316 (eh bingo?) took screenshot (top left)

SECTOR 70318 (maybe nothing) took screenshot (top left)

SECTOR 70320 (top left)

SECTOR 70322 (top left)

SECTOR 70324 (top left)

SECTOR 70326 (top left from here on unless specified differently)

SECTOR 70328

SECTOR 70330

SECTOR 70332

SECTOR 70334

SECTOR 70336

SECTOR 70338

SECTOR 70340

SECTOR 70342

SECTOR 70344 (exactly like the screenshot from the fellow in the post you sent the link to) http://www.msfn.org/...ix/page__st__15

SECTOR 70346

SECTOR 70348

SECTOR 70350

SECTOR 70352

SECTOR 70354

SECTOR 70356

SECTOR 70358

SECTOR 70360

SECTOR 70362

SECTOR 70364

SECTOR 70366

SECTOR 70368

SECTOR 70370

SECTOR 70372

SECTOR 70374

SECTOR 70376

SECTOR 70378

SECTOR 70380

SECTOR 70382

SECTOR 70384

SECTOR 70386

SECTOR 70388

SECTOR 70390

SECTOR 70392

SECTOR 70394

SECTOR 70396

SECTOR 70398

SECTOR 70400

SECTOR 70402

SECTOR 70404

SECTOR 70406

SECTOR 70408

SECTOR 70410

SECTOR 70412

SECTOR 70414

SECTOR 70416

SECTOR 70418

SECTOR 70420

SECTOR 70422

SECTOR 70424

SECTOR 70426

SECTOR 70428

SECTOR 70430

SECTOR 70432

SECTOR 70434

SECTOR 70436

SECTOR 70438

SECTOR 70440

SECTOR 70442

SECTOR 70444

SECTOR 70446

SECTOR 70448

SECTOR 70450

SECTOR 70452

SECTOR 70454

SECTOR 70456

SECTOR 70458

SECTOR 70460

SECTOR 70462

SECTOR 70464

SECTOR 70466

SECTOR 70468

SECTOR 70470

SECTOR 70472

SECTOR 70474

SECTOR 70476

SECTOR 70478

SECTOR 70480

SECTOR 70482

SECTOR 70484

SECTOR 70486

SECTOR 70488

SECTOR 70490

SECTOR 70492

SECTOR 70494

SECTOR 70496

SECTOR 70498

SECTOR 70500

SECTOR 70502 BCD

SECTOR 70504 BCD LOG

SECTOR 70506

SECTOR 70508

SECTOR 70510

SECTOR 70512

SECTOR 70514

SECTOR 70516 (I can make out w.i.n.7.l.d.r in the middle)

SECTOR 70518

SECTOR 70520

SECTOR 70522

SECTOR 70524

SECTOR 70526

SECTOR 70528

SECTOR 70530

SECTOR 70532

SECTOR 70534

SECTOR 70536

SECTOR 70538 - 70800 every 2 sectors (FILE0 @ top left)

SECTOR 143388 (searched through lots of Data before hitting this FILE0 but it is closer to the middle not top left)

SECTOR 196507 ( again in the middle, searched through lots of data before hitting )

SECTOR 241647 ("RCRD(" on very top left, FILE0 near bottom, searched through lots of data before hitting)

SECTOR 376148 (Top Left)

SECTOR 376150 (Top Left) (I could make out Las vegas and Grand canyon MOD (pictures maybe?))

SECTOR 393205 ("f) 'screenshot, went over quota cannot attach'

SECTOR 406310 (FILE0 3rd line from the top, can recognize c.o.o.k.i.e.s. .s.q.l.i.t.e. .j.o.u.r.n.a.l.)

Lot of 0000s .............. between this point

more data after approx SECTOR 423600

more 0000s after approx SECTOR 430000

more data after approx 444000

[d8apzl]

found a few more... still searching...

SECTOR 500941 (somewhere in middle)

SECTOR 805725 (somewhere in middle)

SECTOR 832637 ('FILE0' 3rd line from bottom @ 9 across)

This post has been edited by d8apzl: 23 July 2012 - 01:24 AM

[submix8c]

Not necessarily OT...

If (I say, IF!) you can get the Pictures backed off of the C-Drive and (I say, AND!) the Recovery Partition is kept intact and accessible, then (and ONLY THEN!) I may be able to help you with getting the HP MBR "special" code (I believe it has some) back so you can do a Factory Restore. I say this because you have apparently/probably wiped it with your fiddling.

Not hijacking, jaclaz, just offering some post-recovery assistance... (HP Laptop WinVista Home Prem x64)

[d8apzl]

submix8c, on 22 July 2012 - 05:08 PM, said:

Not necessarily OT...

eh. I just need the pictures from the drive ultimately.
But getting the $MFT back to life or overwritten is fun and would be interesting, and a bonus.

...

SECTOR 1438535 (4 rows down @ 9 across)

SECTOR 1803602 (top left)

SECTOR 1803064 (top left)

SECTOR 1803606 (top left)

This post has been edited by d8apzl: 23 July 2012 - 01:21 AM

[jaclaz]

OK.

A $MFT is actually made of n "entries", each two sectors in size, and each beginning with "FILE0".
A $MFT mirror is a copy of the first 4 (four) such entries.

Right now you seem like having a possibly valid "something" starting at sector 70312 up to 70801, but keep searching.

Once you have finished going through the drive, copy the groups of sectors that correspond to these characteristics (like the group above) to new files.
To do so, you can use datarescuedd allright (using the SECTORS fields and NOT the SIZE ones).
To be on the "safe" side, copy some more sectors before he first hit and after the last hit in the group, let's say 200 sectors more or something like that, for the example found above, instead of copying only sectors 70312-70801, copy 1000 sectors, i.e. from 70000 to 71000.
Verify that you got the "right" sectors extracted, then zip all the files and upload the zip somewhere I can get them from, like zshare or similar and post a link to the files.
To re-gain some "quota" on the forum, you may want to edit your previous post and delete from them the attachment screenshots, they are not needed anymore, and/or you may want to post them screenshots on a free image hosting service and post the link to it.

jaclaz

[d8apzl]

SECTOR 1882138 (top left)

SECTOR 1882140 (top left)

SECTOR 1882142 (top left)

SECTOR 1954380 (top left) amd 64 microsoft windows ie html rendering

SECTOR 1954382 (top left) activex

SECTOR 2083511 (5 rows down @ 0)

SECTOR 2178150 (below mid)

I didn't realize how much I have left to go - 217356288

Quote

To be on the "safe" side, copy some more sectors before he first hit and after the last hit in the group, let's say 200 sectors more or something like that, for the example found above, instead of copying only sectors 70312-70801, copy 1000 sectors, i.e. from 70000 to 71000.
Verify that you got the "right" sectors extracted, then zip all the files and upload the zip somewhere I can get them from, like zshare or similar and post a link to the files.

attached sectors.

Quote

To re-gain some "quota" on the forum, you may want to edit your previous post and delete from them the attachment screenshots, they are not needed anymore, and/or you may want to post them screenshots on a free image hosting service and post the link to it.

Thank you sir!

[jaclaz]

The file you posted is a $MFT .

The $MFT contents are seemingly that of a (well mixed up) Windows 7 "system" partition, without going into much details, the $MFT has been created (please read as filesystem was formatted) on 2010-04-26, and some of the usual WIndows 7 boot files are there with the same date.
Then there are folders:

• $WINDOWS.~LS
  
• SETUPT~1
  
• Sources

created on 2011-09-02
Then there is a mountpoint made on 2012-07-15 (this is probably compatible with your attempts)
Then there is a deleted folder MSI4519d.tmp created on 2012-07-22 (this is probably compatible with your attempts)

This is the $MFT of the first partition allright.
This is at the same time some good news and some bad news , the good news are that you didn't seemingly did any "meaningful" damage to this volume during your attempts, the bad news are that you still need to search for the $MFT (or traces of it) on the "main" partition.
Some more bad news are that your cousin actually LIED to you , the bootmgr is seemingly that of a Windows 7 (and is there since 2010) and evidently some attempts to re-install Vista or 7 were made in September 2011.

jaclaz

[submix8c]

GACK!!!! (as in BARF!)

Someone royally screwed it up! Potentially that Partition can be put back to its original OEM state (have to investigate that) as well as the "special" MBR code. It all depends on what (with jaclaz' help) can be "found" on the First Partition (I believe this is the usual place for the Factory WIM/SWM Image). What should have been the Vista (not Win7 x86/x64 whatever/whichever).
-see BOOTMGR comment above-

Those Pictures seem to be the important factor as well - recovering (if possible) the Second Partition (the actual Running OS) now becomes rather (somewhat) important.

-post made as a follow-up based on my knowledge of Vista/Win7 OEM Install-
edit - Hmmm - may not be a "special" MBR - maybe just std. Vista - the remainder would be via F8 into the Recovery (Partition#1).
edit2 - restore to factory (if Part#1 "fixed") by setting it to Active?
edit3 - info making me unsure of complete restore (should be 3 partitions?)
edit4 - MBR "special" code probably same as the one on HP XP-install (maybe) so could help with that (later) to get F11 back.
edit5 - HP Restore MSFN HP MBR MSFN HP MBR#2
"What else does the box say, Steve?"

This post has been edited by submix8c: 24 July 2012 - 12:45 PM

[d8apzl]

Quote

GACK!!!! (as in BARF!)

Anything I can do to get the photos back.

Quote

This is the $MFT of the first partition allright.
This is at the same time some good news and some bad news , the good news are that you didn't seemingly did any "meaningful" damage to this volume during your attempts, the bad news are that you still need to search for the $MFT (or traces of it) on the "main" partition.
Some more bad news are that your cousin actually LIED to you , the bootmgr is seemingly that of a Windows 7 (and is there since 2010) and evidently some attempts to re-install Vista or 7 were made in September 2011.

they probably don't know what OS she has/had.

It is possible someone else took a crack at restoring the laptop/hdd and failed.



SECTOR 2533196 (near bottom)

SECTOR 3458039 (near mid bottom)

SECTOR 3853742 (near mid bottom)

SECTOR 4179527 (high mid)

SECTOR 4254311 ("PROFILE0")


Please advise..

[jaclaz]

d8apzl, on 24 July 2012 - 08:57 PM, said:

Please advise..

Patience you must have, my young padawan.

Continue scanning, I am pretty sure that before or later you will get to the "real" thing.

@submix8
In this particular case, noone cares about the "first partition", nor abut the MBR code, nor about the OS, the "only" priority is getting back some data (namely some pictures).
BTW, with 99.99% probability the original HP recovery partition has been wiped/overwritten in 2010.

The reason why I am insisting on trying to get some partition data (as opposed to use a plainer "file-based" recovery approach, is that d8apzl already tried a couple of "file based" recovery software, with bad results (files recovered but "invalid")
Generally speaking something like this is often connected with a high fragmentation level, and file based recovery in very rare cases is able to recover (valid) .jpg files if they are fragmented, and IMHO the .jpg file format, though having a very good compression level, is one of the most "fragile" file formats around, in most cases one single byte missing or wrong can create an invalid image and "repairing" a corrupted jpeg is either very difficult or impossible.

jaclaz