I just had a very, very illuminating session with photorec, which might be strangely named considering what it can do, but is still a great console application.
And from almost any filesystem, I might add, although you’ll need to know beforehand what the filesystem is.
photorec is menu driven for the most part, requires elevated privileges (which is good), and as far as I can tell in my experiences with it, does a great job yanking files from the jaws of death.
Now, why did I say “illuminating” earlier? Well, in one of my test runs this morning I grabbed a leftover flash drive that I hadn’t used in a while, ran
dd over it for a few seconds, repartitioned it, dumped a couple of text files on it, deleted them, and then sent photorec to work.
Originally the drive had been formatted in ext4, but I repartitioned it to hold a vfat partition, just because I wanted to see what photorec would do with a non-Unix drive.
photorec found the original text files I dropped there a few minutes earlier, then kept scrounging and found music files I had on the drive before I repartitioned and reformatted it. I kid you not. 😯
And … they played perfectly in mocp. 😯
Until this morning I assumed that data files from completely different file systems on drives that had been repartitioned and reformatted … would be irretrievable. How wrong I was. 😳
I know enough to realize that without letting
dd run its course over the whole drive, that data was still exposed. But I honestly thought since they weren’t listed in file table or were in a completely different filesystem, they wouldn’t be so easily brought back.
But there you have it. photorec taught me something new today, and I am wiser for it. Now please excuse me while I rig an entire laptop to run dban over every drive I own. … 😕