Ever deleted a file permanently and wished to recover it. Here's a python script designed to do this task in Linux operating system.
Recovery tools are exceptional spy tools. You could recover things you weren't meant to see. Its however good to know this as it might come handy some day.
When this script works
- File is deleted and that space is not used for any other file
- When you quick format your storage device
When this doesn't work
- When file is deleted and space is used to store another file.
- When you format your storage device
Dependencies
- For partition recovery fdisk(usually comes pre-installed in a modern distro)
- For file recovery sleuthkit
Alternatives
Here is a list of software that I personally use to recover files when necessary. Though now I would prefer my own script.- Linux: Photorec Command Line Tool
- Windows: Recuva GUI Tool
Script for Partition Recovery
import os
print "Partion Recovery Script-Abhishek Munagekar"
print "List of devices attached to system is"
os.system("lsblk")
devname=raw_input("Enter the device name\n")
#show the list of partition
commandline='echo -e "p\nq\n" | fdisk /dev/'+devname
print "Showing partition table"
os.system(commandline)
pno=raw_input("Enter the partition no to recover ")
#delete the partition
commandline='echo -e "n\n\n' + pno +'\n\n\nw\n" | fdisk /dev/'+devname
os.system(commandline)
Output
[root@localhost 3101]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.24.2).
Command (m for help): p
Disk /dev/sdb: 2 GiB, 2076180480 bytes, 4055040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0009a80a
Device Boot Start End Blocks Id System
/dev/sdb1 2048 514047 256000 83 Linux
/dev/sdb2 514048 4055039 1770496 b W95 FAT32
Command (m for help): d
Partition number (1,2, default 2): 1
Partition 1 has been deleted.
Command (m for help): w
The partition table has been altered.
[root@localhost 3101]# python prec.py
Partion Recovery Script
List of devices attached to system is
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 500M 0 part /boot
└─sda2 8:2 0 464.9G 0 part
├─fedora-swap 253:0 0 3.9G 0 lvm [SWAP]
└─fedora-root 253:1 0 461G 0 lvm /
sdb 8:16 1 2G 0 disk
└─sdb2 8:18 1 1.7G 0 part /run/media/exam2/part2
Enter the device name
sdb
Showing partition table
Welcome to fdisk (util-linux 2.24.2).
Command (m for help): Disk /dev/sdb: 2 GiB, 2076180480 bytes, 4055040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0009a80a
Device Boot Start End Blocks Id System
/dev/sdb2 514048 4055039 1770496 b W95 FAT32
Command (m for help):
Enter the partition no to recover 1
Welcome to fdisk (util-linux 2.24.2).
Command (m for help):
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p):
Using default response p.
Partition number (1,3,4, default 1): First sector (2048-4055039, default 2048): Last sector, +sectors or +size{K,M,G,T,P} (2048-514047, default 514047):
Created a new partition 1 of type 'Linux' and of size 250 MiB.
Command (m for help): The partition table has been altered.
Welcome to fdisk (util-linux 2.24.2).
Command (m for help): p
Disk /dev/sdb: 2 GiB, 2076180480 bytes, 4055040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0009a80a
Device Boot Start End Blocks Id System
/dev/sdb1 2048 514047 256000 83 Linux
/dev/sdb2 514048 4055039 1770496 b W95 FAT32
Command (m for help): d
Partition number (1,2, default 2): 1
Partition 1 has been deleted.
Command (m for help): w
The partition table has been altered.
[root@localhost 3101]# python prec.py
Partion Recovery Script
List of devices attached to system is
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 500M 0 part /boot
└─sda2 8:2 0 464.9G 0 part
├─fedora-swap 253:0 0 3.9G 0 lvm [SWAP]
└─fedora-root 253:1 0 461G 0 lvm /
sdb 8:16 1 2G 0 disk
└─sdb2 8:18 1 1.7G 0 part /run/media/exam2/part2
Enter the device name
sdb
Showing partition table
Welcome to fdisk (util-linux 2.24.2).
Command (m for help): Disk /dev/sdb: 2 GiB, 2076180480 bytes, 4055040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0009a80a
Device Boot Start End Blocks Id System
/dev/sdb2 514048 4055039 1770496 b W95 FAT32
Command (m for help):
Enter the partition no to recover 1
Welcome to fdisk (util-linux 2.24.2).
Command (m for help):
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p):
Using default response p.
Partition number (1,3,4, default 1): First sector (2048-4055039, default 2048): Last sector, +sectors or +size{K,M,G,T,P} (2048-514047, default 514047):
Created a new partition 1 of type 'Linux' and of size 250 MiB.
Command (m for help): The partition table has been altered.
Script for File
import os
os.system("clear")
os.system("echo File Recovery Script")
os.system("By Abhishek Munagekar For Programing Wonders")
os.system("echo The list of devices is")
os.system("lsblk")
os.system("echo enter the device to be used")
devname=raw_input("")
imgname=raw_input("Enter the image name \n")
os.system("dd if="+devname+" of=" + imgname +" bs=512")
os.system("echo showing inode number of files")
os.system("fls "+ imgname)
inodeno=raw_input("Enter the inode of the deleted file ")
os.system("istat "+ imgname + " " + inodeno )
os.system("echo the contents of the recovered file are")
os.system("icat "+ imgname +" "+ inodeno)
os.system("echo enter the name of the file where data to be stored with extension")
newfile=raw_input("")
os.system("icat "+ imgname +" "+ inodeno +" > "+ newfile )
os.system("echo the contents of the file are")
os.system("cat "+ newfile )
Recovery Output
[root@localhost 3101]#python rec.py
File Recovery Script
The list of devices is
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 500M 0 part /boot
└─sda2 8:2 0 465G 0 part
├─fedora-root 253:0 0 461.1G 0 lvm /
└─fedora-swap 253:1 0 3.9G 0 lvm [SWAP]
sdb 8:16 1 2G 0 disk
├─sdb1 8:17 1 1002M 0 part /run/media/exam2/newpart1
└─sdb2 8:18 1 977M 0 part /run/media/exam2/newpart2
enter the device to be used
/dev/sdb1
Enter the image name
def
2052096+0 records in
2052096+0 records out
1050673152 bytes (1.1 GB) copied, 8.59537 s, 122 MB/s
showing inode number of files
r/r 3: newpart1 (Volume Label Entry)
r/r * 5: sample
v/v 32768995: $MBR
v/v 32768996: $FAT1
v/v 32768997: $FAT2
d/d 32768998: $OrphanFiles
Enter the inode of the deleted file 5
Directory Entry: 5
Not Allocated
File Attributes: File, Archive
Size: 46
Name: _AMPLE
Directory Entry Times:
Written: 2016-07-05 09:01:28 (CDT)
Accessed: 2016-07-05 00:00:00 (CDT)
Created: 2016-07-05 09:01:28 (CDT)
Sectors:
4050 0 0 0 0 0 0 0
the contents of the recovered file are
ngfbybuuihuhertuijjvfgjrug8akjfw
this is pict
enter the name of the file where data to be stored with extension
xyz.txt
the contents of the file are
ngfbybuuihuhertuijjvfgjrug8akjfw
this is pict
File Recovery Script
The list of devices is
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 500M 0 part /boot
└─sda2 8:2 0 465G 0 part
├─fedora-root 253:0 0 461.1G 0 lvm /
└─fedora-swap 253:1 0 3.9G 0 lvm [SWAP]
sdb 8:16 1 2G 0 disk
├─sdb1 8:17 1 1002M 0 part /run/media/exam2/newpart1
└─sdb2 8:18 1 977M 0 part /run/media/exam2/newpart2
enter the device to be used
/dev/sdb1
Enter the image name
def
2052096+0 records in
2052096+0 records out
1050673152 bytes (1.1 GB) copied, 8.59537 s, 122 MB/s
showing inode number of files
r/r 3: newpart1 (Volume Label Entry)
r/r * 5: sample
v/v 32768995: $MBR
v/v 32768996: $FAT1
v/v 32768997: $FAT2
d/d 32768998: $OrphanFiles
Enter the inode of the deleted file 5
Directory Entry: 5
Not Allocated
File Attributes: File, Archive
Size: 46
Name: _AMPLE
Directory Entry Times:
Written: 2016-07-05 09:01:28 (CDT)
Accessed: 2016-07-05 00:00:00 (CDT)
Created: 2016-07-05 09:01:28 (CDT)
Sectors:
4050 0 0 0 0 0 0 0
the contents of the recovered file are
ngfbybuuihuhertuijjvfgjrug8akjfw
this is pict
enter the name of the file where data to be stored with extension
xyz.txt
the contents of the file are
ngfbybuuihuhertuijjvfgjrug8akjfw
this is pict
Alternative Usage
I wouldn't personally recommend doing this.Recovery tools are exceptional spy tools. You could recover things you weren't meant to see. Its however good to know this as it might come handy some day.
Thanks for sharing this amazing information.
ReplyDeletewordpress website design
wordpress website design
wordpress website design
wordpress website design
wordpress website design