VDI File Corruption: Recover Files Within VDI
Posted: 08 Apr 2015, 18:54
Hi there,
My problem appeared a couple of days ago where many windows started opening in Windows 7 randomly. To avoid undesired behavior, I quickly turned off the computer by force (holding the power button). The problem was that I had a VirtualBox virtual machine running at the same time and worse yet, the virtual machine was downloading a file. I think the reason for the sudden burst of many windows opening was that the partition that held the VDI image encountered a bad sector. At this point I turned the computer back on and found my VDI image at 0 bytes, an empty file. I did not notice the file was at 0 bytes right away, so I first had another virtual machine open. While I did not do anything, but save that virtual machine's state, it did write to the disk a bit. I later figured out this was probably a big mistake as now I think I can recover only a fragment of the VDI. I don't remember the original size of the VDI, but Photorec was able to recover a 40 GB VDI that appears to have the same UUID as the original file.
According to this post: http://forum.cgsecurity.org/phpBB3/guid ... t3110.html
The VDI compresses files within the VDI. I tried to recover individual file types from the host VDI partition by specifying the guest’s file system type. Would this be the correct way to find the files? If my host is Windows 7 NTFS and my guest is Ubuntu EXT3, should I be specifying to Photorec NTFS or EXT3 partition? Or does it matter since it’s a VDI? I noticed that what I get is chunks of the data. I'm getting only the first small fragment of the file. So, my question is, is there any hope of recovering the original files (either the entire VDI) or files within my VDI given that my VDI is probably a fraction of the size of the original VDI and that the VDI format compresses files?
Thanks!
My problem appeared a couple of days ago where many windows started opening in Windows 7 randomly. To avoid undesired behavior, I quickly turned off the computer by force (holding the power button). The problem was that I had a VirtualBox virtual machine running at the same time and worse yet, the virtual machine was downloading a file. I think the reason for the sudden burst of many windows opening was that the partition that held the VDI image encountered a bad sector. At this point I turned the computer back on and found my VDI image at 0 bytes, an empty file. I did not notice the file was at 0 bytes right away, so I first had another virtual machine open. While I did not do anything, but save that virtual machine's state, it did write to the disk a bit. I later figured out this was probably a big mistake as now I think I can recover only a fragment of the VDI. I don't remember the original size of the VDI, but Photorec was able to recover a 40 GB VDI that appears to have the same UUID as the original file.
According to this post: http://forum.cgsecurity.org/phpBB3/guid ... t3110.html
The VDI compresses files within the VDI. I tried to recover individual file types from the host VDI partition by specifying the guest’s file system type. Would this be the correct way to find the files? If my host is Windows 7 NTFS and my guest is Ubuntu EXT3, should I be specifying to Photorec NTFS or EXT3 partition? Or does it matter since it’s a VDI? I noticed that what I get is chunks of the data. I'm getting only the first small fragment of the file. So, my question is, is there any hope of recovering the original files (either the entire VDI) or files within my VDI given that my VDI is probably a fraction of the size of the original VDI and that the VDI format compresses files?
Thanks!