NTFS undelete on Linux

-
To avoid damaging filesystem with files to be undeleted I created image of entire hard disk by booting live linux on source PC from USB and then making 1:1 copy of HDD with dd.


1. Figure out offset where partition of interest starts. Simply open image with fdisk and multiply start sector with 512 bytes.

2. Mount it with losetup. "losetup -o 105906176 /dev/loop0 diskimage.bin"

3. Scan for undeletable files. "ntfsundelete -s /dev/loop0"

4. Undelete files. "ntfsundelete -u -m '*.docx' -d /tmp/recovered /dev/loop0"

5. Done. "losetup -d /dev/loop0"

Comments

Post a Comment

Got something to say?!

Popular posts from this blog

Convert Huawei E3372h-153 from HiLink/router-mode to Stick/modem-mode [ UPDATED 2016-09-02 ]

-
This is updated version of my original post. I purchased additional modem that's externally identical to old one but had different serial port USB ID (USB\VID_12D1&PID_1442&MI_00) missing from earlier driver pack causing original instructions to fail. I have also included latest Stick-mode firmware 21.200.07.00.805 I've found and corrected some incorrect information on original post. Modern Huawei USB LTE modems can be used in two very different modes. Default is HiLink mode where it functions as router doing NAT and other nastiness much like more traditional 4G routers connected over WLAN or Ethernet. Unsurprisingly default mode is HiLink, but luckily it can be changed to Stick mode getting rid at least one layer of NAT and related issues. Actually there's also third mode which is subset of Stick, instead of native NCM interface it uses legacy PPP over emulated serial port. This can be sometimes useful with older routers with USB port but you won't be able ...
Read more

Windows 10 install from USB to Dell Latitude 10 Tablet

-
Dell Latitude 10 Tablet, identified as ST2 Late-2012 by Dell, really sucks. It's shipped with very first Win 8.0 build and after two years of updates it's barely usable with Win 8.1 + all available updates and fixes. I wanted to give Windows 10 try on it as already being worst tablet ever it can hardly get any worse, right? Reinstalling Win 8.1 goes exactly like Win 10 so below applies to both.
Read more