About 48 hours ago I would have been mystified how anyone could wipe their entire harddrive. On Saturday I attempted to upgrade my installation of Linux Mint from 17.3 to 18. The upgrade path failed so I opted for the recommended path of doing a clean install.
This need not be a big deal. My set up was quite simple:
1. A Solid State Drive (100GB) on which I keep Mint and the software running on Mint.
2. A 2TB hard disk where I keep everything else. (I set up Mint to write Documents, Pictures, Videos etc. to this drive.
(3. I also have a 3TB My Clould to which I save pictures, so I didn’t loose everything)
For some reason when installing Mint I chose the option to wipe the 2TB hard drive clean instead of the 100GD SSD.
Fortunately, I had recently read Linux Format’s Round up of rescue distros (Issue 209, April 2016) so I was mildly aware there might be an opportunity to get my data back. I opted to install testdisk.
I’ll cut out some of the things I tried to do, but this is the short version
Open the Linux Terminal (CTRL+ ALT+ T)
sudo apt install testdisk
I then ran a utility inside testdisk called photorec typing into the terminal
photorec
See instructions at: http://www.cgsecurity.org/wiki/PhotoRec_Step_By_Step
After selecting to recover the 2TB disk and choosing a location to save the recovered files then following is in process:
Terminal view (I’m hoping it will not take 24 hours to complete. It said 72 hours about an hour ago!)
The program saved the recovered files into these folders.
The obvious issue here is that the recovered files don’t appear with their original file names and the folder structure is not maintained. However, there are some more important issues here:
- This has been surprising easy to do. On one hand that is a good thing as it means I’ve got my files back. On the other hand, the ease with which I recovered files demonstrates how insecure the process of wiping a hard drive is. Once anyone gets hold of the hard drive it is amazingly easy to recover anything that was on there.
- This process retrieves everything including files I had already deleted and pictures from websites I had visited. For example some of the folders contain pictures of the people I follow on twitter, I did not download these.
- When I say retrieves everything I mean everything. Most of the files retrieved are things like web buttons.
Anyway the main lessons here are as follows.
- Check very carefully before you delete.
- It is easierto recover files than I thought:
a) This is a good thing if you made a mistake.
b) This is a bad thing it you actually wanted to securely wipe a drive. If you want to wipe a drive so no one else can read it, some research is needed . Deleting your files and reformatting is not enough.
Photorec: Step by step (also works with Windows)
Using python coding to sort out the files afterwards (not tried yet!)