• research
  • » About my current research
  • » Technical expertise
  • » Publications, conferences and awards
• gallery
  • » Honeymoon in USA and Canada, 2007
  • » Rome, 2008
  • » Scotland, 2009
  • » Shrewsbury, 2010
  • » Oxford in the snow, 2010
• panoramas
  • » Oyster Bay
  • » Lake Placid
  • » Paris
  • » The Louvre
  • » Versailles Orangery
  • » Versailles Façade
  • » Slioch from Loch Maree
  • » Camas Mor Bay
• science
• computing
• workshop
• miscellany
• contact
• web-mail

Recovering lost files on Linux

I have recently had to try and recover a file deleted accidentally on a Linux EXT3 partition. This is more complicated than it is on a file system such as NTFS where commercial and free software can easily recover any file provided that the physical location of the file on the disk hasn't been overwritten.

I was successful in the end using a couple of open source tools and here I show you how I did it.

PhotoRec

PhotoRec is a piece of software written by Christophe Grenier which was designed to help users recover deleted photos. Fortunately for me, this is a very capable piece of software. It doesn't just look for photos but will trawl through a disk, ignoring the file system, and drag out any file matching one of its many pre-listed file types.

I downloaded and ran photorec and proceeded to set it up to recover files of the type I was interested in (php). The first screen asks you for the disk you are interested in recovering files from (/dev/sda) in my case. I told it that I had an "Intel/PC" file system on this device and it identified the partitions in use. I used the file options to specify "text files" as php files are subset of text files. I selected the output directory for the files and let it churn away for the next few hours searching for text files. Importantly, the output directory must be on a different disk to the files you are trying to recover or you run the risk of overwriting them!

The recovered files are output into a series of folders called "recup_dir.1", "recup_dir.2" and so on with 500 files in each. It is these files which will contain your deleted data but it's a large task to sort the wheat from the chaff. One strategy would be to create a new directory for php files and then copy all php files to that folder:

mkdir php
cp -R -f recu*/*.php php/

From this point, it is just a matter of searching within the content of your recovered folder for a string fragment from your file of interest.

Further reading

• PhotoRec step-by-step guide to file recovery.
• Carlo Wood's page on recovering files from an EXT3 partition.

Published on 30th May 2011.