To reiterate: Trying to recover the data on the source drive (that failed and was unbricked) is playing with fire, right? So that's why I should prefer to use a clone...?
What type of risk are we talking if I start working on the source instead? Is it dependent on the operation I perform on it or is it something else at play?
Let's open a few scenarios:
- the unbricked drive is 100% (or 99.99%) functional (percentage of "good" data) and the only issue is a single sector that was corrupted/wiped/whatever
- the unbricked drive is (say) 55.32% functional and the remaining 44.68% cannot be recovered in any way
- the unbricked drive is (say) 55.32% functional BUT the remaining 44.68% can be read/imaged BUT NOT fixed (made accessible) while still on the same drive
- in any of the above, the recovering procedure introduces some "fixes", and either by mistake or by "wrong suggestion/approach" (or by bad luck/Murphy's Law) these "fixes" may cause a chain reaction that deletes (or anyway makes not anymore recoverable) more data
- in any of the above cases, since the drive has "bricked" itself at least once before, AND we don't know the exact reason why this happened there are MORE probabilities that it will re-brick itself soon, AND, since the unbricking wasn't actually really entirely successful - which could BTW mean that the cure for a "specific" illness by pure luck temporarily and partially cured the actual different unknown illsness the drive suffers from - we have NO idea if a further UNbricking will be possible at all .
Obviously if you are in case 1. or 2. having an image is only a precaution and not really *needed* (whilst anyway advised).
If you are in case 3. making an image/clone starts to make more sense.
BUT since cases 4. and 5. apply to ALL the previous ones the idea of making an image/clone starts to look like a really *needed* step....
Mind you Murphy's Law could well apply to the actual cloning procedure or to the "target" drive that while you are imaginfg to it - for any reason - decides to brick itself (or right after you have concluded the imaging)....
...and it is also possible that the drive has only a total of (say) three hours of life left which could be used more usefully in attempting to recover selected key data instead of "wasting" them cloning an area of the disk that contains unneeded data.....
The imaging/cloning procedure is the "standard" one as it has been the one (normally) being the less risky, but there aren't guarantees on any kind that it will work "better" than a "direct recovery" attempt or that it will work at all, if the cloning works, at least you have a "second chance", nothing more.
Decisions, decisions always decisions.....
While the disk cloning is running you should be able to start getting a few "key" sectors from both the source and the target drive, not knowing the specific software you are now running I cannot swear it will be possible but it should (i.e. the disks should not be "locked").
If you could get by using HDhacker:
the MBR (first sector of the \\.\PhysicalDrive)
or alternatively use the rawcopy as mentioned earlier:
Actually if you could get with the rawcopy the first 100 sectors of the disks (both source and target disk) by using:
(twice once for the target and once for the source) we could have already have some data to look at and also have a way to verify that the cloning is working (at least for the initial 100 sectors)
But again it is difficult to say , though UNprobable, it is possible that performing this action may somehow "disturb" the ongoing cloning....