July 2, 2022

Using TestDisk And PhotoRec For Data Recovery On Linux

These two tools are great for basic file recovery and easy to use. First I’ll talk about TestDisk, a tool that can help find lost partitions that may have been damaged or deleted. The other, PhotoRec, is a great file recovery tool that helps find deleted files. In this tutorial, you’ll learn how to use these tools on Debian-based Linux, but they are available on other platforms too, even Windows!

To install both TestDisk and PhotoRec on Debian or Ubuntu, open the terminal and use this command.

$ sudo apt install testdisk

Using TestDisk

Just run “sudo testdisk” in the terminal, then choose whether you want a log file or not.

Use arrow keys to select, then press Enter key:
>[ Create ] Create a new log file
 [ Append ] Append information to log file
 [ No Log ] Don't record anything

Then pick your disk device and press Proceed to continue.

Select a media (use Arrow keys, then press Enter):
>Disk /dev/sda - 240 GB / 223 GiB - KINGSTON SA400S37240G
 Disk /dev/loop0 - 58 MB / 55 MiB (RO)


>[Proceed ]  [  Quit  ]

Once you pick your device, choose the partition table type in the next menu. If you don’t know, there’s a good chance it’s the Intel type if it’s something like a USB stick. But if your computer is newer or has a very big drive (more than 2TB), it will most likely be EFI GPT. TestDisk might also pre-select a type with auto-detection. Here it selected EFI GPT for me.

Disk /dev/sda - 240 GB / 223 GiB - KINGSTON SA400S37240G

Please select the partition table type, press Enter when done.
 [Intel  ] Intel/PC partition
>[EFI GPT] EFI GPT partition map (Mac i386, some x86_64...)
 [Humax  ] Humax partition table
 [Mac    ] Apple partition map (legacy)
 [None   ] Non partitioned media
 [Sun    ] Sun Solaris partition
 [XBox   ] XBox partition
 [Return ] Return to disk selection

Press Analyse to start searching.

Disk /dev/sda - 240 GB / 223 GiB - KINGSTON SA400S37240G
     CHS 29185 255 63 - sector size=512

>[ Analyse  ] Analyse current partition structure and search for lost partitions
 [ Advanced ] Filesystem Utils
 [ Geometry ] Change disk geometry
 [ Options  ] Modify options
 [ Quit     ] Return to disk selection

Here it shows the current partitions available on the drive. If there’s nothing here, it means the partition either got deleted or damaged. We can attempt to recover the lost partition by pressing [Quick Search].

Disk /dev/sda - 240 GB / 223 GiB - CHS 29185 255 63

Current partition structure:
     Partition                  Start        End    Size in sectors

No partition is bootable

>[Quick Search]  [ Backup ]

Press Enter to continue to the next screen.

Disk /dev/sda - 240 GB / 223 GiB - CHS 29185 255 63
     Partition               Start        End    Size in sectors
>P EFI System                  2048    1050623    1048576 [EFI System Partition]
 P Linux filesys. data      1050624  468860927  467810304


Structure: Ok.  Use Up/Down Arrow keys to select partition.
Use Left/Right Arrow keys to CHANGE partition characteristics:
                P=Primary  D=Deleted
Keys A: add partition, L: load backup, T: change type, P: list files,
     Enter: to continue
FAT32, blocksize=4096, 536 MB / 512 MiB

When the scan is done, you will see any partitions it may have found here. If it found the one you want, press Write; this will write the partitions it found to the partition table. (Note: if the partition you wanted isn’t showing up, you can do a Deeper Search to find other partitions that a quick search might not have found.)

Disk /dev/sda - 240 GB / 223 GiB - CHS 29185 255 63

     Partition                  Start        End    Size in sectors

 1 P EFI System                  2048    1050623    1048576 [EFI System Partitio
 2 P Linux filesys. data      1050624  468860927  467810304



 [  Quit  ]  [ Return ] [Deeper Search] >[ Write  ]

Press Y to confirm, then quit TestDisk.

Write partition table, confirm ? (Y/N)

You might need to reboot your computer for the partition to show up. After that, you should be able to see the partition again and mount it.

Using PhotoRec

PhotoRec is a file recovery tool that helps recover files that have been deleted or lost. It can even recover data from deleted partitions. This nice utility installs alongside TestDisk.

Getting Started

First, make a folder to store all the files PhotoRec will find. In this tutorial, I made a folder called “FileRecovery”. Once you have a place for the files to be stored, enter “sudo photorec” at the terminal to run it.

~$ mkdir FileRecovery
~$ sudo photorec

Select the drive you want to run the recovery on and press Proceed.

Select a media (use Arrow keys, then press Enter):
>Disk /dev/sda - 240 GB / 223 GiB (RO) - KINGSTON SA400S37240G
 Disk /dev/loop0 - 58 MB / 55 MiB (RO)

>[Previous]  [  Next  ]  [Proceed ]  [  Quit  ]

Refine Your Search

Here you are going to want to pick File Opt.

Disk /dev/sda - 240 GB / 223 GiB (RO) - KINGSTON SA400S37240G

     Partition                  Start        End    Size in sectors
      Unknown                  0   0  1 29185  80 63  468862128 [Whole disk]
> 1 P EFI System               0  32 33    65 101 36    1048576 [EFI System Part
  2 P Linux filesys. data     65 101 37 29185  61 60  467810304



 [ Search ]  [Options ] >[File Opt]  [  Quit  ]
                              Modify file options

Here you can tell PhotoRec what kind of files you want to find.

PhotoRec will try to locate the following files

 [X] custom Own custom signatures
>[X] 1cd  Russian Finance 1C:Enterprise 8
 [X] 3dm  Rhino / openNURBS
 [X] 7z   7zip archive file
 [X] DB
 [X] a    Unix Archive/Debian package
 [X] abr  Adobe Brush
 [X] acb  Adobe Color Book
 [X] accdb Access Data Base
 [X] ace  ACE archive
 [X] ab   MAC Address Book
 [X] ado  Adobe Duotone Options
 [X] afdesign afdesign
 [X] ahn  Ahnenblatt
    Next
Press s to disable all file families, b to save the settings
>[  Quit  ]

You can leave it as it is and search for everything. But in doing so, you could be looking through hundreds of thousands of files. If you want to avoid this, you’re going to want to refine your search. First press s; this will unselect everything. Then scroll down the list with the arrow keys. Find a file type you want, highlight it, then press the spacebar to select it. When done, press b to save.

PhotoRec will try to locate the following files

 [ ] custom Own custom signatures
 [ ] 1cd  Russian Finance 1C:Enterprise 8
 [ ] 3dm  Rhino / openNURBS
>[X] 7z   7zip archive file
 [ ] DB
 [ ] a    Unix Archive/Debian package
 [ ] abr  Adobe Brush
 [ ] acb  Adobe Color Book
 [ ] accdb Access Data Base
 [ ] ace  ACE archive
 [ ] ab   MAC Address Book
 [ ] ado  Adobe Duotone Options
 [ ] afdesign afdesign
 [ ] ahn  Ahnenblatt
    Next
Press s for default selection, b to save the settings
>[  Quit  ]

Pick the partition to search for files. If you don’t know, just pick the top one called Unknown (this will search the entire drive). Then press Enter on Search.

Disk /dev/sda - 240 GB / 223 GiB (RO) - KINGSTON SA400S37240G

     Partition                  Start        End    Size in sectors
>     Unknown                  0   0  1 29185  80 63  468862128 [Whole disk]
  1 P EFI System               0  32 33    65 101 36    1048576 [EFI System Part
  2 P Linux filesys. data     65 101 37 29185  61 60  467810304


>[ Search ]  [Options ]  [File Opt]  [  Quit  ]
                              Start file recovery

Here you need to know what kind of filesystem the partition uses. If you know it’s Linux, pick ext2/ext3; if it’s Windows or Mac, pick Other. If you don’t know what it is, more than likely it’s the Other option.

 2 P Linux filesys. data     65 101 37 29185  61 60  467810304

To recover lost files, PhotoRec needs to know the filesystem type where the
file were stored:
 [ ext2/ext3 ] ext2/ext3/ext4 filesystem
>[ Other     ] FAT/NTFS/HFS+/ReiserFS/...

Pick Your Destination Directory

Navigate to and pick a location where the recovered files are going to be stored. Here I’m going to place them in a directory called FileRecovery.

Please select a destination to save the recovered files to.
Do not choose to write the files to the same partition they were stored on.
Keys: Arrow keys to select another directory
      C when the destination is correct
      Q to quit
Directory /home/colby
 drwxr-xr-x  1000  1000      4096 14-Jul-2021 18:03 .
 drwxr-xr-x     0     0      4096 30-Jun-2021 22:15 ..
 drwxr-xr-x  1000  1000      4096  4-Jul-2021 10:25 Desktop
 drwxr-xr-x  1000  1000      4096 30-Jun-2021 15:22 Documents
 drwxr-xr-x  1000  1000      4096 13-Jul-2021 00:20 Downloads
>drwxrwxr-x  1000  1000      4096 15-Jul-2021 08:06 FileRecovery
 drwxr-xr-x  1000  1000      4096 30-Jun-2021 15:22 Music
 drwxr-xr-x  1000  1000      4096 11-Jul-2021 19:24 Pictures
 drwxr-xr-x  1000  1000      4096 30-Jun-2021 15:22 Public
 drwxr-xr-x  1000  1000      4096 30-Jun-2021 15:22 Templates
 drwxr-xr-x  1000  1000      4096 30-Jun-2021 15:22 Videos

Press C once you are in the directory where you want the files to be saved. The search will start immediately.

Keys: Arrow keys to select another directory
      C when the destination is correct
      Q to quit
Directory /home/colby/FileRecovery
>drwxrwxr-x  1000  1000      4096 15-Jul-2021 08:32 .
 drwxr-xr-x  1000  1000      4096 15-Jul-2021 08:33 ..

This will take a while. On this page you will see the progress and what kinds of files it finds.

Disk /dev/sda - 240 GB / 223 GiB (RO) - KINGSTON SA400S37240G
     Partition                  Start        End    Size in sectors
     Unknown                  0   0  1 29185  80 63  468862128 [Whole disk]

Destination /home/colby/FileRecovery/recup_dir

Pass 1 - Reading sector   25935872/468862128, 0 files found
Elapsed time 0h00m31s - Estimated time to completion 0h08m49

STOP

Go to the directory you created. There you will find many folders, each with about 500 files. These folders hold all the files found. Because of the way files are stored on a file system, recovered files lose their filenames. This makes it much harder to find things. But at least now there’s a chance you might be able to recover the important files you need.

$ ls -l
total 3584
drwxr-xr-x 2 root root 20480 Jul 15 08:14 recup_dir.1
drwxr-xr-x 2 root root 20480 Jul 15 08:14 recup_dir.10
drwxr-xr-x 2 root root 20480 Jul 15 08:17 recup_dir.100
drwxr-xr-x 2 root root 20480 Jul 15 08:17 recup_dir.101
...
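
Since the recovered files are spread over many recup_dir.N folders without their original names, a small script can make them easier to go through. The following is an added example, not part of the original tutorial: it copies everything under recup_dir.* into one folder per file extension and skips byte-identical duplicates. The function name sort_recovered and the destination directory are assumptions; sha256sum comes from GNU coreutils.

```shell
#!/bin/sh
# Added example: gather PhotoRec's recup_dir.N output into one folder per
# file extension, skipping byte-identical copies.

# sort_recovered SRC DEST   (hypothetical helper)
#   SRC:  directory holding the recup_dir.* folders (e.g. ~/FileRecovery)
#   DEST: new directory for the sorted copies, not inside a recup_dir.* folder
# Prints "unique=<n> duplicates=<m>".
sort_recovered() {
    src=$1
    dest=$2
    mkdir -p "$dest" || return 1
    : >> "$dest/.seen_sha256"      # hashes of files already copied
    : > "$dest/.duplicates"        # paths skipped in this run

    # Only look inside recup_dir.*; -exec ... {} + copes with odd file names.
    find "$src" -type f -path '*/recup_dir.*/*' -exec sh -c '
        dest=$1; shift
        for f in "$@"; do
            base=${f##*/}
            case $base in
                *.*) ext=$(printf "%s" "${base##*.}" | tr "[:upper:]" "[:lower:]") ;;
                *)   ext=noext ;;      # recovered file without an extension
            esac
            hash=$(sha256sum "$f" | cut -d" " -f1)
            if grep -qxF "$hash" "$dest/.seen_sha256"; then
                printf "%s\n" "$f" >> "$dest/.duplicates"
                continue
            fi
            printf "%s\n" "$hash" >> "$dest/.seen_sha256"
            mkdir -p "$dest/$ext"
            target=$dest/$ext/$base
            # Same name but different content: keep both, tagged by hash.
            if [ -e "$target" ]; then
                target=$dest/$ext/$(printf "%s" "$hash" | cut -c1-12)_$base
            fi
            cp -p "$f" "$target"
        done
    ' sh "$dest" {} +

    echo "unique=$(( $(wc -l < "$dest/.seen_sha256") )) duplicates=$(( $(wc -l < "$dest/.duplicates") ))"
}
```

Because PhotoRec was run with sudo, the recup_dir.* folders are owned by root, as the listing above shows; copies made by running `sort_recovered ~/FileRecovery ~/Sorted` as your normal user belong to you.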

colby

Computer guru with years working with technology. I find it fun to tinker with computers new and old, and make them do my work for me.