This event actually took place a few years ago, but I still have the unchanged USB flash drive in my possession. I may be out of luck, but I thought I would ask all you smart people here for your suggestions.
Short Story:
A few years back, my wife wanted to store all of her photos from her iPhone onto a USB flash drive because she was running out of storage. We picked up a brand new USB flash drive from the store, so I assume it had a FAT32
file system. We plugged the flash drive into a Mac OS X
and were able to backup all of her photos. We realized after the backup had complete that almost every photo had a duplicate file. photo.jpg
had a duplicate file called photo\ 1.jpg
. All of the duplicate files ended with the \ 1.jpg
suffix.
Just having started UNIX, I knew that I could use the shell's simple regex to remove all of the duplicate files, but I ended up not putting my command in quotes… And I ended up executing the following: rm * 1.jpg
. As you can see, I told the system to remove every single file and then remove 1.jpg
. Instead of telling the system to remove every file that ended in 1.jpg
. After this occurred, with my furious wife (at the time girlfriend) next to me, I unplugged the flash drive and stored it in a drawer.
Question:
Are there any secure UNIX tools to recover data, that was removed with rm
, from a USB flash drive? Or am I out of luck? As I stated above, I have not touched the flash drive since the event occurred.
If this question is far too broad, feel free to move it to meta or wherever it best fits.
Best Answer
Yes and, by the way, recovery of photos is one of the most common scenarios.
The conditions you described are actually optimal because:
These conditions lead to two available options.
If you care about the file names (or have fragmented files)
When you write a lot of pictures sequentially on a drive, the risk of fragmentation is actually very low, but still. To recover files and file names you need a tool which is file-system aware.
Enter TestDisk:
It will show you a step-by-step procedure through a TUI (textual user interface). The essential steps are:
If you actually just want the photos back
For pictures, you might as well not care about the names. Moreover, the file system might be damaged (not your case) and TestDisk would not help.
PhotoRec (from the same developer) comes to the rescue:
Here you just need to specify the output directory. You can also disable detection for some file types which you don't care about.