Hello! I'm new to Photorec and I need some clarifications

Using PhotoRec to recover lost data
Forum rules
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
Locked
Message
Author
nami946
Posts: 1
Joined: 06 Sep 2014, 11:05

Hello! I'm new to Photorec and I need some clarifications

#1 Post by nami946 »

Hello to the Photorec community. :)

I'm absolutely new to photorec and overall issues regarding hard drives. Anyways, long story short, my windows 7 appears to have been formatted to Ubuntu 14.04. I don't know which partitions are linux based now, since I heard using your computer can overwrite the data ( and since it's been formated I don't want more frustraions), so I haven't checked. :?

Now that I have hope in recovering most data using photorec, I want to know if I should just try getting files of my C drive only? This is the drive with all the personal files/documents and content in the downloads folder right? What about programs such as Adobe Photoshop, Illustrator, and Flash? These programs are usually contained in folders, are they also in the c drive?

And something final to ask. My laptop is shared between 3 users, myself and my parents, can I retrieve chrome bookmarks by any chance using photorec? The file it would be under is Bookmarks.bak file which is in C:\Users\<USER>\AppData\Local\Google\Chrome\User Data\Default. However, I haven't seen .bak files under the list of files photo rec can read. So is it impossible? :?

Please let me know the answers to these questions, as I'm quite confused as you can see, and I'd appreciate some thorough explanations. Anyways, thanks for your time and consideration. :mrgreen:

Ramanujan
Posts: 2
Joined: 24 Jan 2015, 18:20

Re: Hello! I'm new to Photorec and I need some clarification

#2 Post by Ramanujan »

I am new in photorec and testdisk. I want to try to recover my chrome bookmarks file. I made a signature file called photorec.sig and placed it where homepath environment variable points to along with a dummy file that looks like the beginning of a chrome bookmarks file from another computer. The signature starts from offset zero and begins with "{ " . Copy the first portion of the file up to where the string checksum": ends because its the same for all of these types of files.
Run fidentify and see if it can identify the file. If it does you can then run Photorec using custom signature enabled and on an image of the drive or the drive itself that contains the data. For the experts out there If someone can help me make this work because so far when I run c:\testdisk_win.0-W\fident~1.exe chromebkmrkstest.bak in my home directory I get unknown.

Ramanujan!

User avatar
cgrenier
Site Admin
Posts: 5432
Joined: 18 Feb 2012, 15:08
Location: Le Perreux Sur Marne, France
Contact:

Re: Hello! I'm new to Photorec and I need some clarification

#3 Post by cgrenier »

On my Linux computer, the following signature works:

Code: Select all

bkm 0 0x7b0a20202022636865636b73756d223a
The same signature may works on Windows or may be

Code: Select all

bkm 0 0x7b0d0a20202022636865636b73756d223a

Ramanujan
Posts: 2
Joined: 24 Jan 2015, 18:20

Re: Hello! I'm new to Photorec and I need some clarification

#4 Post by Ramanujan »

I used a xex editor to construct a signature file that looks to have in it the following text

bak
0
0x7B,0x0D,0x0A ,0x20,0x20 ,0x20,0x22,0x63,0x68,0x65,0x63,0x6B ,0x73,0x75,0x6D,0x22,0x3A,0x20,0x22
{ _ :
as opposed to your first one (bkm 0 0x7b0a20202022636865636b73756d223a)
or the second one (bkm 0 0x7b0d0a20202022636865636b73756d223a)

mine looks almost like your second one but has an extra space (_) and a cologn (:) at the end which should not matter but its not all in one line; should it be all in one line?.The guide provides example which is on one line but it sais use a line with the extension, a line with the offset and a line with the signature; Mine fails on fidentify with unknown. Does yours work when you run fidentify? Whats the trick to make that work on my windows 7 laptop where I make the test? I put a mockup of a bookmarks file (a Kbyte copy of the beginning of my chrome bookmarks file) and the signature file in my c:\users\user\ directory.
What am i doing wrong here?

P.S. can more than one signature be in the signature file? i.e. while scanning the hardrive with custom the photorec should be checcking for all the signatures in your "photorec.sig" file.

example photorec.sig:
dis 0 "this sig"
dat 5 "that sig"
odr 20 "and the othe sig"
bkm 0 0x7b0d0a20202022636865636b73756d223a
and 0 "bla bla sig"
son 0 "and so on"

Locked