Monday, August 23, 2010

Going deeper to look for what we have lost.

There are not much blog writeup on MyDebian blog, but occasionally, when i find something useful, no matter how mundane or easy it is for the experienced user, I will try to document it somewhere. The objective is that, maybe somehow, somewhere, someone will benefit from it.

Recently, I accidentally formatted one of my windows partition by mistake. I know this is something stupid to do.
And that's what happens when you start to use w1#%#0%s for a long time. You tend to stop thinking.
To cut the story short, I wanted to format one of my partitions, and accidentally formatted the wrong partition. Worst, I reformatted the partition with

$ mke2fs /dev/sdb5

When i realized what I have done, it was already too late. All I can do now is unmount it immediately and try to figure out a way to retrieve the files back from some forensics software. Supposedly, mke2fs allocates a new filesystem on the partition and does a low level format of putting zeros. I'm not sure how true is that. I felt so stupid for doing something without thinking...and I was banging my head on the table. The particular partition had many files....aside from my collection of movies, anime and tv series videos, a whole lot of research work is in that partition.

Anyhow, i wasted no time and tried to look for a way to recover the files. Thankfully, I found a forensics software tool on linux, and conveniently, you can use aptitude to install it. The software I installed is testdisk.

$aptitude install testdisk

I ran the software with testdisk /dev/sdb, and i followed the menu and run an analyses and a deeper search
analyses on the whole disk. I'm not very sure how testdisk work, but its pretty cool. It managed to detect and identify my missing ntfs partition that was deleted. I managed to recover the missing ntfs partition and made copies of my missing files in that partition.

Well, I heard some people using it to find files they deleted by mistake. I hope you'll find a good use for it too.

1 comment:

Masokis said...

wah.. it's maybe hard...
thank you for suggesting this forensics tool, maybe one day..i need too.. after all. i'm very interesting in this scope..
i got a DHlife cd linux 2010 when join forensics workshop at ihack.. remaster by cybersecurity..