Home
Latest images
Search
Register
Log in
by 31. PhotoRec File Recovery & File Types
----
PhotoRec file recovery & Recoverying Specific File Types.
1. Plug in external hard drive, mine was a 900+ GB Toshiba external hard drive.
Note: You cannot recover files from the same drive that you're using to run Kali on.
You will have to first boot with a kali Usb then recover the files from a different drive,
than the Usb Drive itself (The Reason Why:Kali Usb Drive is only 16 GB ).
2. For this example, I plugged in my A sd card through a usb reader, which is only 130+ MB of space.
This File Recovery will work on actual hard drives as well tho, as long as you have
enough space for the destination files to go after they are recovered. So if you're recovering files from 80gb you can't expect 16gb sd card to successfully recover all of the files.
3. I Navigate to the 900+GB External destination hard drive and create a folder for the recovered files
that I am going to recover from the "a" 130 mb sd, usb drive.
4. I then unmount the 900+ GB Toshiba Hard Drive.
5. Because, I'll need to mount it using the Terminal.
6. cd /media;ls = Navigates to the media folder and make a directory for the toshiba 900+gb external hard drive.
7. fdisk -l = list the different drives and volumes that are connected to this Pc.
8. Once I find the drive that matches my toshiba external hard drive in size, I mount it under the Toshiba directory that I previously created in the media folder.
9. mount /dev/sdc1 /media/toshiba;ls = I list the contents of the media folder, The Toshiba folder now turns green, which means it is mounted.
"Ctrl+Shift+T" Opens up a new Terminal Tab.
10. photorec = in the new tab, I start the recovery program PhotoRec
11. I select the 130 mb A sd, usb drive that I would like to recover files from.
12. Fat16 as the Partition in my case, this drive was used with windows previously.
13. I select "Other" Fat/ntfs/hfs+/ReiserF5/... = for Windows type files, if I was recovering files from a Linux Pc, I would select the ext2/ext3/ext4 filesystem option here instead.
14. I select whole which scans the whole "A sd, usb drive, or hard drive chosen" for any recoverable files that it can find.
15. Now it's asking me to select a destination where I would like to save the recovered files, I could save them to my Usb drive since the original files could only be 130mb and I have almost 16 gb free on the drive, but for this demonstration, I'll select to save them to my Mounted 900+ Toshiba hard drive, if you are learning from this tutorial, you probably wish to recover files from a source much larger than a 130 mb sd, usb drive. I want to teach you right, if I am going to teach you.
16. I select ".." to go back a directory, until I navigate to the beginning of my Usb drive, I then select the "media" folder, then I select the "toshiba" folder which we mounted at the beginning of this video.
17. Now I navigate to the "Recovered files" folder that I created at the beginning of this video for the files that I plan to recover.
18. Once I navigate there, as the onscreen instruction tells us, I just press the "c" key to say that's the correct destination for the recovered files.
19. PhotoRec begins to scan the "130mb sd card we selected" drive for files to recover.
Mine completes in a very short time because it was only 130 mb, yours may take a few hours if you are scanning something like Gb or larger, 80gb took me around 39 hours on a slow computer before.
20. "Enter" is pressed over the "Quit" Option once all files are recoverd.
21. then I pressed "q" a few times to get out of PhotoRec program.
22. If it doesn't exit, you can always try, "Ctrl+C"
23. umount /media/toshiba;ls = Now I'll go back to my first terminal window and unmount the toshiba 900+ gb external drive.
Now the device should show up without the green highlight, which means it should have unmounted.
24. rm -r toshiba;ls = I can now unplug the usb device, and remove the folder I had it mounted to.
25. exit = exits that terminal window.
26. exit = exits the photorec terminal window as well.
27. I plug in my toshiba 900+ gb external drive into the computer again.
28. find my recovered files folder, or folders that it has recovered.
I view some of them, to see if they worked, and it does.
29. Now I make a new folder called "A1RECOVEREDSDKEEP" which I plan to use to organize the recovered files from Photorec, Note: You can name the folder differently, it doesn't matter.
30. I open the new folder, in another tab, and open the original folder which has the recovered files in it also.
31. for my new folder, I can create several sub-folders in it, naming each one a different file type, for example, "MOV" for all the MOV files that I can find.
32. Go at the beginning of the recovered files directories, and just type what extension you are looking for, ".jpg" Would find all Jpg filetypes that has been recovered.
33. You can cut files from the recovered files folder, to the new organized folder that we created, they will either disappear and go to the new folder that we created, or their path will change from the old path, to the new one. (If your system freezes, this is a typical issue that I had.) try leaving it searching for like 5 minutes, then just cutting a few files at a time if necessary. I can cut a lot since I have a Computer with 14 GB of ram for this.
34. we can highlight a file, then hold shift and left click on another file above or below that one to highlight multiple files, carefully not selecting so much as to cause our pc to lock up. Sometimes, it may take a while to load if I were selecting a huge amount of files, I have waited patiently for 3 minutes before while selecting a bunch of files at once, without clicking anything or pressing anything so that it will have time to process that I've selected those files.
35. You just do this for all of the filetypes that you wish to recover.
----
Method 2.
Recovery Method No. 2.
"Recuva"
for Windows xp-10
Note: for Windows Xp Users, many users don't know about the hidden Administrator account which can be accessed without a password just by tapping f8 repeatedly after turning the pc on at the beginning logo. If you make it to that Command Prompt, Administrative Command Prompt is accessed, and you can create/deleteusers, or remove passwords from administrative accounts.
1. Search google for Recuva
2. Download free version of Recuva.
3. Run Recuva's installer as an Admin on the computer you wish to recover files from.
4. Uncheck read release notes, Run Recuva.
5. Use the Wizard to choose what types of files you wish to recover, and the location of the drive or sd, or usb storage device that you would like to recover files from.
6. You can choose advanced mode, and preview the images before you recover them, to select certain things to recover, or you can recover it all to an external drive and sort through them using the same method we did with Photorec files in Linux.
7. After a long wait-time, (it can take anywhere from 30-40 hours or more to recover files from large drives.)
I would Choose an External Drive location to recover the recovered files to if I were serious about recovering the files.
For this example, I just chose to recover the files from the same drive which could fail, but didn't in my example.
Note: Your recovery will have a better success rate if you recover the files to an external drive vs. what I did in the method 2. section of the video,
