In-depth technology research: finding new ways to recover data, accessing firmware, writing programs, reading bits off the platter, recovering data from dust.
Forum rules
Please
do not post questions about data recovery cases here (use
this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...
April 1st, 2015, 21:31
1) Recently I incidentally deleted a lot of files (the encrypted files under /home/$USER/.Private folder, about 140GB in total. some of the VM files size is about 20GB. the /home/ folder is on /dev/sda5 partition with ext4 Linux LVM file system. recently i run "rm -rf .Private" under /home/$USER folder to incidentally deleted almost all the files under /home/$USER folder) from the Ubuntu 64 bits Server OS system server (i updated it from Ubuntu 12.04 to Ubuntu 14.04 in a couple of months ago), and I'm in the process to recover them with extundelete, photorec, ext3grep, testdisk etc. recovering tools (with Ubuntu 14.04.2 LiveCD), but none of them can successfully recover all the deleted files as expected.
It is much appreciated if you can help to have a look at my case and let me know whether your services/products can help to undelete all these data as expected.
2) The progress of my data recovery is as below:
With photorec i recovered about 30GB files, not all the 140GB, to the external HD.
When run "extundelete --restore-all /dev/mapper/ubuntu--vg-root" command, I can only recover about 700M files and get a lot of console output of "Unable to restore inode xxxxxx ...... : Space has been reallocated" and the final console output is "Failed to restore inode xxxxxx to file RECOVERED_FILES/xxxxxx: Some blocks were allocated".
The testdisk and ext3grep tools don't look as good as photorec and extundelete tools in my case.
When the /home/$USER/.Private folder (in /dev/sdb5 partition with ext4 Linux LVM file system) was "rm -rf ./Private"), I don't know I need to turn off the PC immediately, while leave it running for about two days, run "apt-get update" for a couple of times, but didn't create any folders or add any files to this partition.
I made a image copy of the whole drive /dev/sdb with dd command before I start to recover the deleted data.
The data recovering tools I have used so far are open source ones. It is much appreciated if you can recommend me some better tools so can recover all the deleted data.
Thank you very much for your help and have a great Easter !
Powered by phpBB © phpBB Group.