Wednesday, May 12, 2010

Data recovery with Fatback and photorec

Fatback is a simple utility used mainly to aid in file recovery from FAT16/FAT32 drives. It can give you relevant information, including a list of all the files on a drive, deleted files included (deleted files found within the root directory structure), the starting cluster number of each file, the cluster chain of each file (not applicable to deleted files) and the individual file sizes. It gives you the option to recover files from the clusters that the file occupies (deleted files will not show cluster chains), which makes the tool relevant only for recovering files from drives that fail to mount or contain multiple bad sectors. It is therefore not the tool of choice for recovering deleted files, although it does give you enough information to make it possible to recover them manually.

Its usage is very simple:

fatback [block_device]
# fatback /dev/sdb

You will be presented with fatback's sub-prompt. You can type 'Help' to see the list of commands available to you. The commands are quite easy to understand and intuitive to use, so I will not rant on this tool any longer.
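The manual recovery mentioned above, worked through as an added example (not code from this post or from fatback): it reads a deleted root-directory entry's starting cluster and size, then copies the bytes straight out of the data area. It assumes FAT16 and an unfragmented file, since a deleted file has no cluster chain to follow; the function names and the sample image are constructed for illustration.

```python
import struct

def parse_bpb(img):
    """Read the FAT16 BIOS Parameter Block fields needed to locate data."""
    bps, spc, reserved, nfats, root_ents = struct.unpack_from("<HBHBH", img, 11)
    spf, = struct.unpack_from("<H", img, 22)
    root_start = (reserved + nfats * spf) * bps
    data_start = root_start + root_ents * 32   # root dir is fixed-size on FAT16
    return {"cluster_size": bps * spc, "root_start": root_start,
            "root_ents": root_ents, "data_start": data_start}

def deleted_entries(img, g):
    """Yield (name, start_cluster, size) for deleted root-directory entries."""
    for i in range(g["root_ents"]):
        e = img[g["root_start"] + 32 * i : g["root_start"] + 32 * (i + 1)]
        if e[0] == 0x00:                     # end-of-directory marker
            break
        if e[0] != 0xE5 or e[11] == 0x0F:    # keep deleted, skip long-name slots
            continue
        start, size = struct.unpack_from("<HI", e, 26)
        # First character is lost on deletion, so show it as '?'
        name = "?" + e[1:8].decode("ascii").rstrip() + "." + e[8:11].decode("ascii").rstrip()
        yield name, start, size

def recover_contiguous(img, g, start, size):
    """Assumption: file was unfragmented, so read `size` bytes from its first cluster."""
    off = g["data_start"] + (start - 2) * g["cluster_size"]  # clusters are numbered from 2
    return img[off : off + size]

def build_sample_image():
    """Constructed 64-sector FAT16-style image holding one deleted file."""
    bps, spc, reserved, nfats, root_ents, spf = 512, 1, 1, 2, 16, 1
    img = bytearray(64 * bps)
    struct.pack_into("<HBHBH", img, 11, bps, spc, reserved, nfats, root_ents)
    struct.pack_into("<H", img, 22, spf)
    payload = b"constructed sample data " * 30           # 720 bytes, spans 2 clusters
    entry = bytearray(b"\xe5OTES   TXT" + bytes(21))      # 0xE5 marks the entry deleted
    struct.pack_into("<HI", entry, 26, 3, len(payload))   # start cluster 3
    root = (reserved + nfats * spf) * bps
    img[root : root + 32] = entry
    data = root + root_ents * 32 + (3 - 2) * bps * spc
    img[data : data + len(payload)] = payload
    return bytes(img), payload

if __name__ == "__main__":
    image, _ = build_sample_image()
    geom = parse_bpb(image)
    for name, start, size in deleted_entries(image, geom):
        print(name, start, size, recover_contiguous(image, geom, start, size)[:24])
```

On a real drive, work from an image of the device rather than the device itself; a fragmented file recovered this way will contain other files' data after its first run of clusters.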

PhotoRec is a better tool to use when attempting to recover deleted files. This tool can recover all kinds of files and doesn't really care about the filesystem. PhotoRec is also a companion program to TestDisk, an app for recovering lost partitions on a wide variety of file systems and making non-bootable disks bootable again. It is very important to note that you should not write recovered files back onto the drive that you are recovering files from. By doing this, you can potentially overwrite important data on that disk. Likewise, as soon as a picture or file is accidentally deleted, or you discover that any are missing, do NOT save any more pictures or files to that memory device or hard disk drive; otherwise you may overwrite your lost data.

Usage:

photorec [Block_device]
# photorec /dev/sdb

This takes you into photorec's interface, which is very easy to understand and follow. From here you can select the device you would like to recover files from (if you didn't pass it as a parameter when calling the program), the destination in which to store the recovered files, the file types to restore, etc. You can get a visual idea of photorec's interface, and a longer write-up on using the tool, from http://www.linux.com/news/enterprise/storage/8257-how-to-recover-lost-files-after-you-accidentally-wipe-your-hard-drive, an article written by Shawn Hermans.

Resources/Good Reading:

http://www.linux.com/news/enterprise/storage/8257-how-to-recover-lost-files-after-you-accidentally-wipe-your-hard-drive
http://www.cgsecurity.org/wiki/PhotoRec
http://sourceforge.net/projects/fatback/
