What is the best way to recover deleted zip files from a specific path ? I have 2 zip files previously stored in an ext drive in /dev/sda3 to be cut&pasted to home/user/Documents. These zip files have keyword "class" in their filename, one of them was around 2GB in size and the other one was less in size, I remember this much. Just in case restoring a folder is possible, I did extract them as well, but the extracted folder was deleted since the zip files was available anyway. Later on, these zip files accidentally got deleted as well. If this information helps, these files got deleted less than a week ago. Trash bin is empty.
I came across this thread : How to recover deleted files? and tried whatever I can try from the solution section. What have I tried :
R-linux : Can't find those zip files, both from
/dev/sda3orhome/user/Documents. In fact, there was no zip files found with size more than 1GB.Photorec : Can't find specific zip files, both from
/dev/sda3orhome/user/Documentsafter 18 hours of recovering. But I obtained an unknown 960-ish GB zip files that I can't seem to extract due to errors that I can't seem to get around yet :ERRORS: Headers Error Unconfirmed start of archiveWARNINGS:
There are data after the end of archive--
Path = f7915520.zip Type = zip ERRORS: Headers Error Unconfirmed start of archive WARNINGS: There are data after the end of archive Physical Size = 8453482 Tail Size = 996119120534
I tried unzip this using unzip, p7zip and java archiver (following this answer), all came across similar errors. Force unzip was not possible
extundelete : I have tried unmounting
/dev/sda3and run this command sudosudo extundelete /dev/sda3 --restore-file ".*class.*\.zip"and came across this output :NOTICE: Extended attributes are not restored. Loading filesystem metadata ... 2407 groups loaded. Loading journal descriptors ... 0 descriptors loaded. extundelete: Extent block checksum does not match extent block while finding inode for .*class.*\.zip extundelete: Extent block checksum does not match extent block while finding inode for .*class.*\.zip Failed to restore file .*class.*\.zip Could not find correct inode number past inode 2. Try altering the filename to one of the entries listed below. File name | Inode number | Deleted status extundelete: Operation not permitted while restoring file. extundelete: Operation not permitted when trying to examine filesystem
sudo extundelete /dev/sda3 --restore-file '\.zip$' returns the same output.
- These files weren't removed using
rm, sohistory | grep "rm .*class.*\.zip"returns nothing - foremost. I tried to run
sudo foremost -v -t zip -q -i /dev/sda3 -o /media/user/external/recover -T. Bunch of zip files were found, but specific ones are not there. To my observation, similar to R-linux, big-sized zip files are not recovered, the biggest being 100mb only.
I appreciate any suggestions for other tools or to address errors I mentioned above. Anything I can try.
foremostis another tool to recover deleted files, although it cannot search for specific file name patterns. You do not say how this partition is used, but if it's been a week and no other tool was successful so far, I'm not giving it a lot of hope. – Sebastian Oct 01 '23 at 13:58foremostas you recommended. I've updated my question as well. It surprisingly finished really fast and my files were not found unfortunately. The biggest zip file found was 100mb in size, mine was 2gb-ish. I might not be able to recover big zip files (?) – raisa_ Oct 01 '23 at 15:01sudo extundelete --restore-inode <inode_number>, but I'm not sure which one is the 'inode number', there is only filename from r-linux, for example : $InodeJrnlebd20744, when I put 20744, it says "No undeleted copies found in the journal". Any guidance ? – raisa_ Oct 01 '23 at 15:50