TestDisk
TestDisk is a partition scanner and disk recovery tool that checks partition and boot sectors to recover lost partitions. PhotoRec recovers lost files like pictures from digital cameras or hard disks.
Description
TestDisk checks the partition and boot sectors of disks, making it very useful in forensics for recovering lost partitions. It supports a wide range of file systems including DOS/Windows FAT12/16/32, NTFS, Linux Ext2/Ext3/Ext4, HFS/HFS+, JFS, Linux Raid, Swap, LVM/LVM2, ReiserFS, UFS/UFS2, XFS, and others like BeFS, BSD disklabel, CramFS, Netware NSS, Sun Solaris i386 disklabel, and Sun ZFS.
PhotoRec is file data recovery software designed to recover lost pictures from digital camera memory or hard disks. It searches for file signatures of various formats including JPEG, PDF, Office documents, ZIP, MP3, and many others, allowing it to undelete files regardless of the file system. It has been extended to search for non-audio/video headers.
The package also includes fidentify, which determines file types using the PhotoRec database.
How It Works
TestDisk scans disks for partition structures and boot sectors, analyzing supported file systems to detect and recover lost partitions. PhotoRec ignores the file system and searches for known file headers and footers byte-by-byte to carve and recover files. Both tools use signature-based detection for compatibility across numerous formats.
Installation
sudo apt install testdiskFlags
Examples
testdisk -htestdisk [/log] [/debug] [file.dd|file.e01|device]testdisk /list [/log] [file.dd|file.e01|device]testdisk /versionphotorec -hphotorec [/log] [/debug] [/d recup_dir] [file.dd|file.e01|device]fidentify -hfidentify [--check] [+file_format] [directory|file]