Tuesday, October 30, 2012

recovering from rm *

V did an rm * on his system when trying to delete his Skype folder. We are trying to recover the deleted files from his Ubuntu Linux system with PhotoRec, after booting from a Live CD.

We needed a root shell to go into the folder and run it - used sudo -i as given here.

Tried recovering from the unallocated space - 153,174,016 sectors. Initially it estimated around 4 hours to completion; it actually took 8 hours. And it recovered 320,000 files in 600+ recovery folders! Digging the files which were actually needed out of that mountain was another task. Trying to use
find /folder/where/recovered/files/are -name '*ods'
didn't yield any results; probably OpenDocument Spreadsheet files are not recognized as such by PhotoRec and are saved as generic binary ELF files?

Next step was a search within files for a known string contained within the file, like
find /folder/where/recovered/files/are -exec grep -l "Jaya Jaya" {} \;
But that takes a looong time, since there are many GBs of files. The idea is to do it in batches of a few thousand files. For example, a search on saiwaves over 173 MB of 10 kB files - around 15,000 files - took around 2 minutes.
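An added example, not part of the original post: an .ods file is a ZIP package whose `mimetype` entry names the document type, with the cell text in a (usually compressed) `content.xml`, so spreadsheets can be picked out of a recovery tree by content rather than by extension and then searched for a known string. The function names and the sample tree below are made up for the illustration, and only files that survived as readable ZIPs are found.

```python
import os
import tempfile
import zipfile
import zlib

ODS_MIME = b"application/vnd.oasis.opendocument.spreadsheet"
# Errors raised by carved files that are not ZIPs, are truncated, or are encrypted.
UNREADABLE = (zipfile.BadZipFile, KeyError, OSError, EOFError, zlib.error, RuntimeError)


def find_ods(root, needle=None):
    """Return ODF spreadsheets under root, judged by content, not file name.
    With needle set, keep only those whose content.xml contains it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(path) as zf:
                    if zf.read("mimetype").strip() != ODS_MIME:
                        continue  # a ZIP, but not a spreadsheet
                    if needle and needle.encode() not in zf.read("content.xml"):
                        continue  # spreadsheet without the search string
            except UNREADABLE:
                continue  # not a ZIP, damaged, or missing the expected entries
            hits.append(path)
    return sorted(hits)


def make_sample(root):
    """Build a small constructed recovery tree; all names and contents are made up."""
    folder = os.path.join(root, "recup_dir.1")
    os.makedirs(folder)
    def ods(name, text):
        with zipfile.ZipFile(os.path.join(folder, name), "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("mimetype", ODS_MIME, compress_type=zipfile.ZIP_STORED)
            zf.writestr("content.xml", "<text:p>" + text * 20 + "</text:p>")
    ods("f0000001.zip", "Jaya Jaya ")       # spreadsheet carved under a .zip name
    ods("f0000002.zip", "monthly budget ")  # spreadsheet without the search string
    with open(os.path.join(folder, "f0000003.elf"), "wb") as fh:
        fh.write(b"\x7fELF" + b"Jaya Jaya" * 4)  # non-ZIP file containing the string
    with open(os.path.join(folder, "f0000004.zip"), "wb") as fh:
        fh.write(b"PK\x03\x04" + b"\x00" * 40)   # truncated ZIP: header only
    return folder


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(find_ods(tmp, "Jaya Jaya"))
```

Text containing &, < or > is stored XML-escaped in `content.xml`, so a plain word or phrase makes the most reliable search string.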

Update: V says he proceeded in a semi-manual way. He used a tool 'search for files' which allowed him to search specifying file size limits and other parameters. He found that there are multiple copies of the same file (versions over time) which have been recovered. And he found that generally the files recovered which are in the same recovery folder were in the same folder to begin with. So he found some ods files with the 'contains string' method, and by opening them manually, found the latest version. mp3 files had their filenames stripped, but he was able to rename them back using an mp3 tagger tool. The whole process took him till 3 am to complete. He restored a backup he had made 15 days ago, and overwrote the files which he had modified over the last 15 days using the recovered files.
