Page 1 of 1

tar.gz deleted inside a vdi

Posted: 02 Nov 2023, 21:06
by Daviid
I had a CentOS virtualbox machine in a vdi file.

I used to develop through ssh with vscode remote feature and I wanted to move the code to my computer, create a git repository and keep track of changes like that, then deploy to the previous remote.

I was doing a tar -czf ./laravel_site.tar.gz ./laravel_site and it was taking a lot of time beacuse of 800MB of images.

I canceled and executed rm -rf laravel_site.tar.gz

Then I pressed up in the terminal thinking I would get the tar -czf command and executed rm -rf laravel_site.tar.gz ./laravel_site

I think I have most of the php files from a previous scp that I also stopped because of the images.

But I don't think I can hope for scp to have copied all the files because when I stopped it I had already copied

Code: Select all

./app
./bootstrap
./config
./public
./resources
./routes
./storage
./tests
.env.example
.styleci.yml
package-lock.json
phpunit.xml
README.md
webpack.mix.js
and the images are inside ./public so if I expect alphabetical order resources wouldn't exists.



Anyway, I made a copy with dd I don't even remember of what but I can mount it with

Code: Select all

#!/usr/bin/env bash

losetup --find --show --partscan --read-only /mnt/dd/image.dd
vgchange -ay
mount -o ro,noload /dev/mapper/centos-root /mnt/p2/
and inside /mnt/p2/ I can see the root of my old centos.


What could I do to try and recover the files? Could I maybe try to recover laravel_site.tar.gz? or should I go for the folder and the individual files??

Re: tar.gz deleted inside a vdi

Posted: 03 Nov 2023, 08:50
by recuperation
I do not have any knowledge with regards to VDI containers.

To be able to run Photorec you would at least need to create another image file whose internals comply with the structure of an image of a regular physical disk. Pleas read:
It allows both fixed-size and dynamically allocated storage.
Source:
https://www.parallels.com/blogs/ras/vdi-vs-vhd-vs-vmdk/

Such a conversion process would need to incorporate the content of all clusters, not just the used ones.

When running TestDisk against such a file to search for deleted files be aware that TestDisk undelete functions rely on understanding the internals of the file system in question. Therefore the scope of TestDisk is limited to:
TestDisk can also undelete files from FAT, NTFS, exFAT and ext2 filesystem.
Source:
https://www.cgsecurity.org/