Foremost

Recovering data on GNU/Linux

Two days ago, a friend of mine, who had discovered GNU/Linux only a few days earlier, tried to install Ubuntu on his father’s computer. The problem was that it wasn’t only his father’s computer; it was the property of the school where he works.

He started Ubuntu in graphical mode, and while the installation program was shrinking the Windows partition something went wrong and the system froze. My friend was scared, so he rebooted the computer, started the text installation and installed Ubuntu on the “new partition” (yes, even though the partitioning tool seemed to fail, the text installer later showed a new partition, as if the process had finished well).

After the installation, there was no Windows option in the GRUB menu, so the Windows partition was broken after all. We tried using testdisk to recover the partition table, but it didn’t work. Therefore, we had to look for another solution: recovering files from the disk.

Foremost

Foremost is the tool we used to recover the files. It can usually be installed from the distribution’s repositories. There are also many live distributions, such as RipLinux, prepared for these recovery tasks.

One more thing we need in order to recover our files is a USB disk where the recovered files will be saved. It is important not to write to the failed disk, because doing so can overwrite existing data belonging to the lost files.

Using foremost is really easy. It searches by file type, so we have to specify the extension we want to look for and where we want to save the recovered data. When we connect a USB disk, the system usually mounts it at /media/disk (or similar), so that’s where we will save our recovered data. Note that the USB disk has to be empty.

With all this, here is the command we have to execute in the terminal (as root, or using sudo if you can):

sudo foremost -t extension -i /dev/sdx -o /media/disk

As you can see, the extension has to be the one we need (doc, ppt, pdf, wmv, avi, mpg, jpg, png, etc.). /dev/sdx represents the hard disk we want to search to recover the files, and /media/disk represents the place where the recovered data will be saved.

You will see that the recovered files have no names, just numbers (for example 123532423.doc). That means we will have to open each one of them to see what is inside.

More information about recovering data is available in the Ubuntu Wiki.
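Why the recovered files come back numbered instead of named, shown as an added example that is not part of the original post and not Foremost's own code: a Python illustration of carving by header and footer signatures, the general technique behind recovery tools of this kind. The signature table, the offset-based file names and the sample bytes are assumptions constructed for the illustration.

```python
# Added illustration of signature-based file carving (not Foremost's code).
# A file type is recognised by header/footer byte patterns in the raw data.
# File names live in the filesystem's metadata, not in the data itself, so a
# carved file can only be named after where it was found (here: byte offset).

SIGNATURES = {
    # type: (header, footer, maximum size in bytes) -- values chosen for this example
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
    "pdf": (b"%PDF-", b"%%EOF", 50 * 1024 * 1024),
}

def carve(data, wanted):
    """Return a sorted list of (name, bytes) for every file of the wanted types."""
    found = []
    for ext in wanted:
        header, footer, max_size = SIGNATURES[ext]
        pos = data.find(header)
        while pos != -1:
            # Look for the footer only within max_size bytes of the header.
            end = data.find(footer, pos + len(header), pos + max_size)
            if end != -1:
                end += len(footer)
                found.append((f"{pos:08d}.{ext}", data[pos:end]))
                pos = data.find(header, end)
            else:
                # Header whose footer was overwritten or lost: skip it.
                pos = data.find(header, pos + 1)
    return sorted(found)

def build_sample_image():
    """Constructed sample 'disk': a tiny JPEG-like and PDF-like file between
    zeroed areas, plus a JPEG header whose footer is gone."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n" + b"P" * 30 + b"\n%%EOF"
    truncated = b"\xff\xd8\xff\xe0" + b"T" * 10
    return b"\x00" * 512 + jpg + b"\x00" * 100 + pdf + b"\x00" * 50 + truncated

if __name__ == "__main__":
    image = build_sample_image()
    for name, blob in carve(image, ["jpg", "pdf"]):
        print(name, len(blob), "bytes")
```

The JPEG header with no footer is skipped, which is what happens to files whose later blocks were overwritten after the failure; this is the reason for not writing to the failed disk.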

Tuesday, August 5th, 2008