How to recover deleted files in Ubuntu
TLDR;
- Execute: sudo apt-get install testdisk
- Execute: sudo photorec /path/to/partition
- Select file opt and choose the type of file you want to recover
- Select your file-system
- Choose a directory to store the recovered files
We are going to use a software called “testdisk”. This software is available for all commonly used operating systems like windows, linux and mac. Well what type of files can you recover with it? Pretty much everything. You heard it right… From autocad dwg files to xbox save files, you can recover almost any type of files. You should consider yourself unlucky if you aren’t able to find the type of file which you deleted. But before considering yourself unlucky, you need to pay some attention to the file extension. Why I am saying this is because, if you are trying to recover a .mp4 file, you would not see the option .mp4 in the list of extensions. But… video formats like mov,mp4,3gp,3g2,jp2 are available under the category “mov”. So try not to jump to conclusions and pay little detail to the extensions that are displayed.
Okay, without talking much, let’s see how to start the recovery. First step is to make a folder which will be used for storing the recovered files. This step is optional, yet convenient. So open the terminal and type cd ~ && mkdir recovery. I am going to address this directory as the “recovery directory” through out this article. So don’t get confused.
Your second command (or the first command if you ignored the previous one) will be sudo apt-get install testdisk. This wouldn’t take more than 10 seconds. Once it is done, type sudo photorec /path/to/partition. If you are not sure which is your path, you need to run df -h.
Take a look at the list of partitions and copy the path of the one which is mounted on the /home directory. In my case, the path is /dev/mapper/nvme0n1p5_crypt. So copy the path and run the command sudo photorec /dev/mapper/nvme0n1p5_crypt (Please be careful with the path).
It will ask you to select a media. As we have already specified the path in the previous command, only one option will be listed. So press enter.
Now you’ll most likely find only one option. Just in case you see two options, select the one that doesn’t say Unknown. But don’t press enter right away!!!
In the bottom of your screen you will be able to see the options such as
[ Search ] [Options ] [File Opt] [ Quit ]
Navigate to [File Opt] by pressing the right arrow and press enter. And here you go… You will be able to see a whole range of the files that can be recovered.
This is the most crucial step in the recovery process. Each line starts with an ‘x’ mark surrounded by square brackets. If an extension has the [x] in front of it, it means you are asking the testdisk to recover all the files of that type. Obviously you wouldn’t want to recover everything. So you need to press ‘s’ in your keyboard to unselect all. Then you can simply navigate through the list and press ‘x’ on your keyboard to select the extension that you want to recover. In my case, I want to recover the files that have the extension “.groovy”. All the programming language files will come under “.txt”. So I pressed ‘x’ on the line that had “.txt”. Once you have selected the file types, press ‘b’ and press enter. Then select Quit to go back to the previous window.
In the next step, the photorec will ask you to select the file-system from which the files got deleted. Select the one that doesn’t say Other and press enter.
In the final step, all you need to do is to navigate and select the recovery directory . And that’s the end. All your lost files will be recovered and kept into the recovery directory. For me it took more than an hour. In the meantime I had many doubts regarding whether this would work or not. But trust me, it is worth the wait.
Once the recovery is done, you will see lock icons around the recovered directories. You can get rid of them by navigating to the recovery directory and running the command sudo chown -R $USER: $HOME. The only catch here is, you will not able to find the recovered items with their original names. i.e If you had deleted an mp4 file named “my-vacation.mp4”, you will not be able to find a file with the same name, but it will be hiding somewhere in the directory with a different name. So you need to iterate through all the recovered files and find the correct one. Grep can’t help you here.
Grep can’t help you if you are trying to recover a non-text file. But if you are recovering a text file, consider your job done. Just open the terminal, navigate to the recovery directory and run the command grep -irl “unique text in your file”. It is important for you to know at least some distinct words that are present in your text file. Otherwise get ready to open and close all those million text files.
Make sure to thank Christophe GRENIER, the creator of this software .This is his website https://www.cgsecurity.org/
