I use my Sony Ericsson W700i mobile extensively. It became my third hand. I
take photos, record speeches as video and audio, enjoy MP3 music and podcasts etc.
I have 1GB memory card and it is always filled with the stuff above mentioned.
Recently, I deleted all files in my memory card, unfortunately. Alas! All my stuff wiped out from memory card.
I gave the command to delete them all.
rm -rf * /media/disk
What to do?
How to recover them all?
Is there any way to recover the deleted files from a memory card?
There are some costly windows tools available for this.
Who needs Gates, in a world of no fences?
Google is my friend and ubuntu is my lover.
Got this link
https://help.ubuntu.com/community/DataRecovery
There are some bunch of tools available in Linux for Data recovery.
All helped me a lot.
First thing I did is “Take a image of memory card“.
So,
dd if=/dev/sda of=my_card.img bs=512
The file my_card.img is the extract copy of my memory card.
It has everything, but as deleted files.
Next, tried PhotoRec tool. It is a wonderful tool which can recover almost all type of files from the memory cards.
How to recover lost files after you accidentally wipe your hard drive
I installed PhotoRec from ubuntu repositories.
sudo apt-get install testdisk
Now scanned the image with photorec
photorec my_card.img
It recovered all the JPG and GIF files from the image file.
Wow. Great tool indeed!. Isn’t it?
Now I got all my pictures and mp3 files recovered.
So, what next? Looked for my 3gp(video) files and amr(audio) files.
Hmmmm. No. Nope. There are no 3gp and amr files recovered.
what to do? I need them all. I had a nice collections of 3gp and video files.
m. search Shrini. search!
Oops. Googles gives me only loads of windows tools.
If a proprietary tool can do a thing well, then Open Source tool will do it in a better way.
So, next, tried the tool foremost.
Installed as
sudo apt-get install foremost
and scanned the image file as
foremost my_card.img
Great. It created a directory called “output” and put all the image, and mp3 files separately.
It is same as PhotoRec only. No big difference.
Still I am in the need to recover amr and 3gp files.
There are still some tools in my toolbox.
Let me try, sleuthkit.
sleuthkit? what is this?
Installed as
sudo apt-get install sleuthkit
But, there is no command called sleuthkit.
so what is this tool?
“Extract unallocated (deleted) blocks from a disk or disk image”
dls inputimage > outputimage
“Use any tool to search the output image for files.”
It seems to give some hope. what is dls?
“man dls” says that dls – disk data recovery.
so tried as
dls my_card.img > new_image.img
It showed me a lot of junks and finally a new file is created.
But, what to do with that file?
can not mount as loop back device too.
showed error when mounted.
So, No hope to recover my 3gp and amr files?
Let me see the site of sleuthkit.
http://www.sleuthkit.org/sleuthkit
sleuthkit is a collection of many tools.
Reading the docs and Tool Details page of the sleuthkit.
http://www.sleuthkit.org/sleuthkit/tools.php
http://www.sleuthkit.org/sleuthkit/docs.php
The description page
http://www.sleuthkit.org/sleuthkit/desc.php
hey. see there! FAT recovery is there.
try that link.
http://www.sleuthkit.org/informer/sleuthkit-informer-14.html#recover
This pages tells about two tools
man fls says as
fls – List file and directory names in a forensic image
man icat says as
icat – copy files by inode number
It seems that fls and icat can recover my files.
Let me try.
fls -f fat -r my_card.img | less
Wow. This displayed all the files in the images recursively. ( “-r” for recursive; “-f fat” for filesystem)
I can see all the file names of everything in that card. JPG, GIF, MP3, amr, 3gp… everything.
Now only some hope come. I can recover them.
Let me try icat.
icat will recover any file from a image, if you say the inode no of the file.
How to get the inode no?
The tool fls itself tells the name and inode no of the files.
fls -f fat -r my_card.img | grep 3gp
This returns as follows.
++ r/r * 9743: Baby Munbea.3gp
+++ r/r * 9746: God Loves you.3gp
+++ r/r * 9748: Ratcagan.3gp
+++ r/r * 9750: VideoDJ.3gp
Now, I know the inode no of the files inside the image file.
So, To recover the file Ratcagan.3gp, I got it inode no 9748. Try with icat.
icat -f fat -r my_card.img 9748 > Ratch.3gp
What a Surprise?
I got it.
icat recovered my 3gp file.
Like this, I recovered all the 3gp and amr files by giving their inode no manually, one by one.
Thus, Open Source tools proved that CAN DO ANYTHING.
##Copied and Verified.
Recently, I deleted all files in my memory card, unfortunately. Alas! All my stuff wiped out from memory card.
I gave the command to delete them all.
rm -rf * /media/disk
What to do?
How to recover them all?
Is there any way to recover the deleted files from a memory card?
There are some costly windows tools available for this.
Who needs Gates, in a world of no fences?
Google is my friend and ubuntu is my lover.
Got this link
https://help.ubuntu.com/community/DataRecovery
There are some bunch of tools available in Linux for Data recovery.
- dd
- mount
- PhotoRec
- foremost
- sleuthkit.
All helped me a lot.
First thing I did is “Take a image of memory card“.
So,
dd if=/dev/sda of=my_card.img bs=512
The file my_card.img is the extract copy of my memory card.
It has everything, but as deleted files.
Next, tried PhotoRec tool. It is a wonderful tool which can recover almost all type of files from the memory cards.
How to recover lost files after you accidentally wipe your hard drive
I installed PhotoRec from ubuntu repositories.
sudo apt-get install testdisk
Now scanned the image with photorec
photorec my_card.img
It recovered all the JPG and GIF files from the image file.
Wow. Great tool indeed!. Isn’t it?
Now I got all my pictures and mp3 files recovered.
So, what next? Looked for my 3gp(video) files and amr(audio) files.
Hmmmm. No. Nope. There are no 3gp and amr files recovered.
what to do? I need them all. I had a nice collections of 3gp and video files.
m. search Shrini. search!
Oops. Googles gives me only loads of windows tools.
If a proprietary tool can do a thing well, then Open Source tool will do it in a better way.
So, next, tried the tool foremost.
Installed as
sudo apt-get install foremost
and scanned the image file as
foremost my_card.img
Great. It created a directory called “output” and put all the image, and mp3 files separately.
It is same as PhotoRec only. No big difference.
Still I am in the need to recover amr and 3gp files.
There are still some tools in my toolbox.
Let me try, sleuthkit.
sleuthkit? what is this?
Installed as
sudo apt-get install sleuthkit
But, there is no command called sleuthkit.
so what is this tool?
“Extract unallocated (deleted) blocks from a disk or disk image”
dls inputimage > outputimage
“Use any tool to search the output image for files.”
It seems to give some hope. what is dls?
“man dls” says that dls – disk data recovery.
so tried as
dls my_card.img > new_image.img
It showed me a lot of junks and finally a new file is created.
But, what to do with that file?
can not mount as loop back device too.
showed error when mounted.
So, No hope to recover my 3gp and amr files?
Let me see the site of sleuthkit.
http://www.sleuthkit.org/sleuthkit
sleuthkit is a collection of many tools.
Reading the docs and Tool Details page of the sleuthkit.
http://www.sleuthkit.org/sleuthkit/tools.php
http://www.sleuthkit.org/sleuthkit/docs.php
The description page
http://www.sleuthkit.org/sleuthkit/desc.php
hey. see there! FAT recovery is there.
try that link.
http://www.sleuthkit.org/informer/sleuthkit-informer-14.html#recover
This pages tells about two tools
- fls
- icat
man fls says as
fls – List file and directory names in a forensic image
man icat says as
icat – copy files by inode number
It seems that fls and icat can recover my files.
Let me try.
fls -f fat -r my_card.img | less
Wow. This displayed all the files in the images recursively. ( “-r” for recursive; “-f fat” for filesystem)
I can see all the file names of everything in that card. JPG, GIF, MP3, amr, 3gp… everything.
Now only some hope come. I can recover them.
Let me try icat.
icat will recover any file from a image, if you say the inode no of the file.
How to get the inode no?
The tool fls itself tells the name and inode no of the files.
fls -f fat -r my_card.img | grep 3gp
This returns as follows.
++ r/r * 9743: Baby Munbea.3gp
+++ r/r * 9746: God Loves you.3gp
+++ r/r * 9748: Ratcagan.3gp
+++ r/r * 9750: VideoDJ.3gp
Now, I know the inode no of the files inside the image file.
So, To recover the file Ratcagan.3gp, I got it inode no 9748. Try with icat.
icat -f fat -r my_card.img 9748 > Ratch.3gp
What a Surprise?
I got it.
icat recovered my 3gp file.
Like this, I recovered all the 3gp and amr files by giving their inode no manually, one by one.
Thus, Open Source tools proved that CAN DO ANYTHING.
##Copied and Verified.
0 comments: