How to recover file with file name

[r007c0d3]

Hello,

I try to recover the lost partition with a testdisk. But the testdisk shows a message like the following partition can't be recovered.

After this, I try to use photorec. And I recover all pdf and image files with photorec.

But there is no filename there. I need to recover files with the filename.

I there any way or any other available tools which can help me to recover files with filename?



Thank you.

[lcoughey]

Model of drive?
Filesystem?
Root cause of the issue?

[r007c0d3]

It's a cloud drive.

@lcoughey

1. Qcow2 drive
2. File System GPT MBR, Linux CentOS 7.
3. At 1st files directory was deleted by a hacker. After that datacenter admin accidentally broke the partition.

I tested with testdisk and it says the partition can't be recovered.
But photorec can recover files with out name.

Thank you.

[fzabkar]

https://www.ufsexplorer.com/ufs-explorer-standard-recovery/

Supported virtual technologies:

VMware VMDK, Hyper-V VHD/VHDX, QEMU/XEN QCOW/QCOW2, ...

[fzabkar]

I examined the following file:

https://tarballs.opendev.org/openstack/trove/images/trove-master-mysql-ubuntu-xenial.qcow2 (~ 800MB)

It's compressed, but I found that 7Zip could extract the files from the image.

If PhotoRec can recover your file contents, then your image is not compressed. Try the free version of DMDE, or perhaps you could try 7Zip.

Header:

Code:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  51 46 49 FB 00 00 00 03 00 00 00 00 00 00 00 00  QFIû............
00000010  00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 00  ................
00000020  00 00 00 00 00 00 00 08 00 00 00 00 00 03 00 00  ................
00000030  00 00 00 00 00 01 00 00 00 00 00 01 00 00 00 00  ................
00000040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000060  00 00 00 04 00 00 00 68 68 03 F8 57 00 00 00 90  .......hh.øW....
00000070  00 00 64 69 72 74 79 20 62 69 74 00 00 00 00 00  ..dirty bit.....
00000080  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000090  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000000A0  00 01 63 6F 72 72 75 70 74 20 62 69 74 00 00 00  ..corrupt bit...
000000B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000000C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000000D0  01 00 6C 61 7A 79 20 72 65 66 63 6F 75 6E 74 73  ..lazy refcounts
000000E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

[lcoughey]

Make sure that there is no writing to the drive, get a full image of it using ddrescue, then try to scan and recover your files with UFS explorer. As you never really said the actual file system, it is tough to say the odds of recovering the file structure, but if it is one of the several linux based file ext or xfs file systems, RAW is likely the only result you will get.