Archive for April, 2009

NOTE: Using Photorec to recover files is a hazardous task. For starters, it is a file carver, which means it guesses the whereabouts of file information and “carves” this into a variety of file formats. This does not work well with very big files, which will be cut into smaller segments. If you don’t want your information to go through a cheese-grater, then ddrescue might do the trick:

sudo apt-get install ddrescue

Photorec Method

Step One. Install Photorec, the free file recovery utility, which is part of the testdisk utility suite and should be in the repository in Hardy 8.04. Initially designed to rescue images from digital camera memory and hard disks, it has been extended to search for non audio/video headers, and currently searches for 80 different types of files. Summon it up using your terminal and run as root:

sudo apt-get install testdisk
sudo photorec

This will give you various options for recovering files. I created a folder on the partition or drive I wanted to save the files to and used the whole drive option to recover files off a second hard drive. There are some good tutorials for using this programme and different methods for various situations. I suggest you follow them. It’s a CPU intensive process and should take a while. Make coffee, go for a walk, and let Photorec do its thing.

Step Two. Here is the good part. So you’ve recovered your files and are now forensically working your way through the recovered material which has been stripped from your corrupted directory, cleaned from its file structure and given a number, and is now in a couple of hundred subdirectories inside a folder called probably recup_dir1. It all looks like the revenge of the bit monster, and wait, your files are all locked down in total anonymity. Nobody told you what to do. It’s a nightmare. You need to spend hundreds of $$$ on some company providing forensic services to the military? Not a chance. Here is what you do.

a) First change the mode of the recovery directory to read, write and execute for every user, using chmod and the octal mode 777. The recovered files belong to root because photorec ran under sudo, which is why they look locked down.

chmod 777 /directory_goes_here

You’ll probably want to do this recursively to change the mode of all the files and directories inside this one.

chmod 777 -R /directory_goes_here

b) All good and well. Now you can sort good files from bad, junk from valuable items. It will take you about 20 days of hard labour using the GUI. So what do you do? No need to call in an army of servants working at $$$ per hour. Use Ubuntu’s simple find and delete wildcard command to deploy Ubuntu power, this is Ubuntu POWER.

find ~/path_to_directory -type f -name "*pattern*" -exec ls {} \;

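The above gives you a preview of the files matching the pattern you want to delete. Pattern can be anything, but usually something like *.txt*. The \ and ; are important: together they mark the end of the -exec command, and the backslash stops the shell from treating the semicolon as its own command separator.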

find ~/path_to_directory -type f -name "*pattern*" -exec rm {} \;

This finds and then deletes the junk file using the pattern you specified. Putting a wildcard * before and after works for most files. You might need to shorten this to just one * before, depending upon the file type. Be careful. Try out the ls command first to check if you have the right directory. Everything within the directory which complies with your instructions to rm will be removed.
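The preview-then-delete routine above, as an added example that is not part of the original post: the delete only runs if the match count still equals the number seen in the preview, so a mistyped directory or pattern is refused. The helper names preview_matches and delete_matches are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: preview-then-delete for a PhotoRec output tree.
# preview_matches and delete_matches are hypothetical helper names.

# Print how many regular files under DIR match the glob PATTERN.
preview_matches() {
    dir=$1 pattern=$2
    # -type f skips directories; printing one dot per file keeps the
    # count right even when a file name contains spaces or newlines.
    find "$dir" -type f -name "$pattern" -exec printf '.' \; | wc -c | tr -d ' '
}

# Delete the matches only if the count still equals EXPECTED, the
# number the operator saw in the preview. Returns 1 without deleting
# anything when the count differs (wrong directory, wrong pattern).
delete_matches() {
    dir=$1 pattern=$2 expected=$3
    actual=$(preview_matches "$dir" "$pattern")
    if [ "$actual" != "$expected" ]; then
        echo "refusing: expected $expected matches, found $actual" >&2
        return 1
    fi
    # '{} +' hands many names to each rm call instead of one rm per file.
    find "$dir" -type f -name "$pattern" -exec rm {} +
}

# Constructed sample tree standing in for PhotoRec output.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/recup_dir.1" "$root/recup_dir.2/keep.txt"  # a directory named like a match
    : > "$root/recup_dir.1/f0001.txt"
    : > "$root/recup_dir.1/f 0002.txt"      # name with a space
    : > "$root/recup_dir.2/f0003.jpg"
    n=$(preview_matches "$root" '*.txt')
    echo "preview: $n file(s) match *.txt"
    delete_matches "$root" '*.txt' "$n"
    echo "left: $(find "$root" -type f | wc -l | tr -d ' ') file(s)"
    rm -rf "$root"
}

demo
```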
