ClawHub

Exfat Recovery

Other
ExfatUsbWindowsData Recovery

Recover corrupted exFAT USB drives on Windows without formatting. Diagnose boot region corruption, repair with chkdsk or TestDisk, and prevent future corruption with write cache fixes, shutdown flush scripts, and automated boot region backups. Covers the 'needs to be formatted' panic scenario.

Install

openclaw skills install @solomonneas/exfat-recovery

exFAT Recovery — Fix "Needs to be Formatted" Without Losing Data

When Windows says your external drive "needs to be formatted," your data is almost always fine. The exFAT boot region got corrupted (usually from write caching + unexpected shutdown). This skill walks through diagnosis, repair, and prevention.

When to Use

  • External USB drive suddenly says "needs to be formatted"
  • Drive shows in Disk Management but filesystem is blank
  • chkdsk reports "Corruption was found while examining the boot region"
  • Any exFAT drive that won't mount after a crash or reboot

Diagnosis

Step 1: Confirm the drive is recognized

Get-Disk | Format-Table Number, FriendlyName, Size, PartitionStyle, OperationalStatus, HealthStatus -AutoSize

If HealthStatus: Healthy and OperationalStatus: Online, the hardware is fine. If not, you have a hardware problem (different fix).

Step 2: Check the partition exists

Get-Partition -DriveLetter H | Format-Table PartitionNumber, DriveLetter, Size, Type -AutoSize

Partition visible = partition table intact. Good sign.

Step 3: Check filesystem status

Get-Volume -DriveLetter H | Format-List DriveLetter, FileSystem, Size, SizeRemaining, HealthStatus

If FileSystem is blank and Size is 0, the filesystem metadata is corrupted but the partition is there.

Step 4: Read-only chkdsk to confirm

chkdsk H:

Look for: Corruption was found while examining the boot region. This confirms it's fixable.

Recovery

Option 1: chkdsk /F (try this first)

Run as Administrator:

chkdsk H: /F

Repairs the exFAT boot region from the backup copy (exFAT stores backup boot sectors at sectors 12-23). For an 8TB drive with ~140K files, takes a few minutes.

Verify after:

Get-Volume -DriveLetter H
Get-ChildItem H:\ | Select-Object Name | Format-Table -AutoSize

Option 2: TestDisk (if chkdsk fails)

  1. Download from https://www.cgsecurity.org/wiki/TestDisk
  2. Run testdisk_win.exe as Administrator
  3. Select physical disk → GPT → Advanced → Boot
  4. TestDisk rebuilds the boot sector from the backup copy

Option 3: Data recovery tools (last resort)

If the filesystem is unrecoverable:

  • R-Studio (paid, best for exFAT) — recovers directory structure
  • PhotoRec (free) — recovers files by type, loses filenames
  • DMDE (free tier) — good at exFAT reconstruction

Prevention

1. Disable write caching (most important)

Write caching is the #1 cause of exFAT corruption on external drives.

Device Manager method:

  1. Device Manager → Disk drives → your external drive
  2. Properties → Policies tab
  3. Select "Quick removal" (disables write cache)

PowerShell (scriptable):

# Adjust Ven_ and Prod_ to match your drive
$devPath = "HKLM:\SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_Samsung&Prod_PSSD_T5_EVO"
$instances = Get-ChildItem $devPath
foreach ($inst in $instances) {
    $diskParamPath = Join-Path $inst.PSPath "Device Parameters\Disk"
    if (Test-Path $diskParamPath) {
        Set-ItemProperty -Path $diskParamPath -Name "UserWriteCacheSetting" -Value 0 -Type DWord
    }
}

2. Shutdown flush script

Insurance even with write caching disabled. Use scripts/safe-shutdown.ps1 and register it as a Group Policy shutdown script. See references/prevention-scripts.md for the full setup.

3. Weekly boot region backup

Use scripts/backup-boot-region.ps1 to save a copy of the exFAT boot region every week. If corruption happens again, restore from backup instead of hoping chkdsk works.

4. Restore from backup

# Run as Admin - writes raw bytes to disk
$disk = "\\.\PhysicalDrive3"  # adjust
$offset = 16777216             # partition offset in bytes
$backupFile = "C:\path\to\exfat_boot_region_YYYYMMDD.bin"

$buf = [System.IO.File]::ReadAllBytes($backupFile)
$fs = [System.IO.File]::Open($disk, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Write, [System.IO.FileShare]::ReadWrite)
[void]$fs.Seek($offset, [System.IO.SeekOrigin]::Begin)
$fs.Write($buf, 0, $buf.Length)
$fs.Flush()
$fs.Close()
# Then: chkdsk H: /F

Key Facts

  • "Needs to be formatted" almost always means corrupted metadata, NOT lost data
  • exFAT doesn't journal like NTFS, so it's fragile on unexpected shutdowns
  • exFAT keeps a backup boot region at sectors 12-23 of the partition
  • chkdsk /F fixes most cases by restoring from this backup
  • Write caching on external drives is the #1 cause. Disable it.
  • DO NOT format the drive. That actually destroys the data.

Root Cause

exFAT has no journaling. When Windows has write caching enabled for an external drive and the system reboots (crash, update, power loss), dirty cached writes never flush. The boot region (filesystem's "table of contents") gets partially written and becomes unreadable. The actual file data on disk is untouched.