tar.gz deleted inside a vdi

Using PhotoRec to recover lost data
Forum rules
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
Locked
Message
Author
Daviid
Posts: 1
Joined: 02 Nov 2023, 20:46

tar.gz deleted inside a vdi

#1 Post by Daviid »

I had a CentOS virtualbox machine in a vdi file.

I used to develop through ssh with vscode remote feature and I wanted to move the code to my computer, create a git repository and keep track of changes like that, then deploy to the previous remote.

I was doing a tar -czf ./laravel_site.tar.gz ./laravel_site and it was taking a lot of time beacuse of 800MB of images.

I canceled and executed rm -rf laravel_site.tar.gz

Then I pressed up in the terminal thinking I would get the tar -czf command and executed rm -rf laravel_site.tar.gz ./laravel_site

I think I have most of the php files from a previous scp that I also stopped because of the images.

But I don't think I can hope for scp to have copied all the files because when I stopped it I had already copied

Code: Select all

./app
./bootstrap
./config
./public
./resources
./routes
./storage
./tests
.env.example
.styleci.yml
package-lock.json
phpunit.xml
README.md
webpack.mix.js
and the images are inside ./public so if I expect alphabetical order resources wouldn't exists.



Anyway, I made a copy with dd I don't even remember of what but I can mount it with

Code: Select all

#!/usr/bin/env bash

losetup --find --show --partscan --read-only /mnt/dd/image.dd
vgchange -ay
mount -o ro,noload /dev/mapper/centos-root /mnt/p2/
and inside /mnt/p2/ I can see the root of my old centos.


What could I do to try and recover the files? Could I maybe try to recover laravel_site.tar.gz? or should I go for the folder and the individual files??
Top
recuperation
Posts: 2879
Joined: 04 Jan 2019, 09:48
Location: Hannover, Deutschland (Germany, Allemagne)

Re: tar.gz deleted inside a vdi

#2 Post by recuperation »

I do not have any knowledge with regards to VDI containers.

To be able to run Photorec you would at least need to create another image file whose internals comply with the structure of an image of a regular physical disk. Pleas read:
It allows both fixed-size and dynamically allocated storage.
Source:
https://www.parallels.com/blogs/ras/vdi-vs-vhd-vs-vmdk/

Such a conversion process would need to incorporate the content of all clusters, not just the used ones.

When running TestDisk against such a file to search for deleted files be aware that TestDisk undelete functions rely on understanding the internals of the file system in question. Therefore the scope of TestDisk is limited to:
TestDisk can also undelete files from FAT, NTFS, exFAT and ext2 filesystem.
Source:
https://www.cgsecurity.org/
Top
Locked

Return to “File recovery”