After Using PhotoRec

From CGSecurity

Jump to: navigation, search

It may be hard to sort the file recovered by PhotoRec. You can find here some ideas to help you in this process.

  • JPEG file sorting using EXIF meta-data.
  • Under Linux, md5sum can used to find duplicate file, maybe just md5'ing only the first x bytes
  • Under Linux (or with perl and 'sum'), you can find duplicates in a hierarchy using find_dup or finddup from fslint.
  • Under Linux, for file extensions that ImageMagick can handle, you can run something like 
for file in recup_dir*/*; do convert $file $file; done
  • Under Linux (or with perl and 'convert'), you can automate the above 'for' loop and do many other batch image processing with fix_img
  • To read broken MS Office document (doc/xls/ppt/...) that MS Office failed to read, you can try OpenOffice. OpenOffice.org is a multiplatform and multilingual office suite and an open-source project. Compatible with all other major office suites, the product is free to download, use, and distribute.
  • Some MS Office document (xls/ppt/...) may be recovered with a Word .doc extension, you may need to rename these files.
  • To recover broken Outlook PST file, try Microsoft Scanpst
  • Canon PowerShot models store their image sequence numbers in the EXIF data, so using a program that can dump EXIF data to text like jhead, and the following Perl script, you can essentially restore all the JPG files to their original names. --Vees 01:59, 8 January 2007 (CET) 
$working_dir = '.';
$jhead_bin = '/usr/local/bin/jhead';

@recovered_files = `ls $working_dir`;
foreach $file (@recovered_files) {
        chomp $file;
        @exif = `$jhead_bin -v $working_dir/$file`;
        foreach $line (@exif) { 
                if ($line =~ /Canon maker tag 0008 Value = 100(\d{1,8})$/) {
                        system("mv $working_dir/$file $working_dir/IMG_$1.JPG");
                        print "IMG_$1.JPG from $file\n";
                        last;
                }
        }
}
Data Recovery