Mysterious Recovered File

About a month ago I had a catastrophic failure in my PC. Cats, children, glasses of milk and PCs should never be forced together with such velocity. Ever. The internal hard drive let the smoke out and the external backup drive was damaged. The FAT table was corrupted but most of the data area survived.

I used a file recovery utility on the external drive and managed to recover a lot of our files. The external drive was 500GB and about 50% full with a manually copied backup and the last three automatic monthly backups from Windows. The recovery utility found most files 3 times over but of course lost all file names and folder structure. No big deal there as I can weed out duplicates and reestablish the file sorting reasonably quickly.

One file recovered is a mystery. The file shows as a rar file with a size of 232 GB (249,108,109,066 bytes), though when I open it, it has 16.7kb contents from an AVG auto-update from 2007. Is it possible that file could have other files within it that could be recovered or is it some type of recovery glitch? Could the recovery utility have failed to find the end-of-file marker in the RAR and copied the rest of the hard drive? This massive file was in the last folder created by the restoration utility.

Are there programs on Ubuntu-rescue that could be used to probe this file more deeply than the Ubuntu zip utility or WinRAR?

I also recovered several large files as .swc and .gpg, each around 150MB, that I don't know how to deal with. I downloaded a GPG utility but it would not open the files without a password. I have not encrypted files; could they be from downloading ISOs for Linux distros? At the time of the last auto backup it may have copied those from my download folder.

Thank you kindly,
Paul

Hi Paul.

I think the most important thing to consider is what have you lost? In the collection of files you recovered, is there anything missing?

By the nature of file carving, you will suffer some data loss. Lots of the data is still there, though, and if an automated recovery application misses something, you need to look for it and try to recover it "by hand". For example, a common method is to search for known text strings. If you find some, you figure out where they are on the drive and try to piece together the file.

You say you have gotten duplicates of most files. Again, because of the nature of file carving, you are going to get some false positives. Is the big .rar file a false positive? I don't know. Zip files, or rather the zip file format, is used for OpenOffice and the newer Word (.docx) file formats, since each file is a zipped folder containing xml and data files. I'm sure that some applications do the same with rar but I can't tell you offhand what it could be - as I mention, go the other way around and tell me what's missing, what was on the drive and maybe that could be a clue.
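
The known-string search described in the reply above, as an added example that is not part of the original thread: a chunked scan that reports the offset of every known signature or remembered phrase inside a very large carved file. The `known-text` phrase, the choice of signatures and the function names are assumptions made for illustration.

```python
import io

# Well-known magic bytes. "known-text" is a constructed stand-in for a phrase
# you remember from a document that is still missing.
SIGNATURES = {
    "rar4": b"Rar!\x1a\x07\x00",
    "rar5": b"Rar!\x1a\x07\x01\x00",
    "zip": b"PK\x03\x04",
    "jpeg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "known-text": b"Dear Aunt Mabel",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=1 << 20):
    """Yield (absolute_offset, name) for each signature hit in a binary stream."""
    overlap = max(len(s) for s in signatures.values()) - 1
    tail, base = b"", 0          # base = absolute offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk       # keep the tail so boundary-straddling hits are seen
        for name, sig in signatures.items():
            pos = buf.find(sig)
            while pos != -1:
                # Matches lying wholly inside the carried-over tail were
                # already reported on the previous pass; skip them.
                if pos + len(sig) > len(tail):
                    yield base + pos, name
                pos = buf.find(sig, pos + 1)
        tail = buf[-overlap:] if overlap else b""
        base += len(buf) - len(tail)

def find_hits(stream, **kwargs):
    """Return all hits sorted by offset."""
    return sorted(scan_stream(stream, **kwargs))

if __name__ == "__main__":
    # Constructed sample: a RAR header followed by unrelated data.
    sample = (SIGNATURES["rar4"] + b"\x00" * 7 + SIGNATURES["zip"]
              + b"\x00" * 20 + SIGNATURES["known-text"] + b"\x00" * 5)
    for offset, name in find_hits(io.BytesIO(sample), chunk_size=16):
        print(f"{offset:>12}  {name}")
```

To run it against a real recovered file, pass `open(path, "rb")` instead of the sample. Short signatures such as the 3-byte JPEG marker will match by chance in hundreds of gigabytes of data, so treat each hit as a lead to inspect rather than a confirmed file.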