Archivio mensile:novembre 2009


M’ero sbagliato, c’eravamo tutti sbagliati.

Silvio Berlusconi e la sua cricca di leccapiedi non sono mafiosi.

Ennò. Nonostante le percentuali bulgare che raccolgono in sicilia, la Mafia non è più l’azionista di riferimento.

Sono camorristi.

Dio, schiantali sull’autostrada Napoli-Reggio o sarà il mio fegato a schiantarsi.

Uno spargimento di budella indolore, per favore! Sblitch, splotch, pezzettoni di qua, spezzatino di là.

E usano Silvio Berlusconi come scusa per i loro processi! Ah, ecco svelato l’inganno, la mutua convenienza, il vile accordo!

Voi mi votate, io salvo Mediaset e Camorra.

JPEG Recovery With Foremost: Filtering Results

Following my previous article, I’m writing my experience with foremost.

My mother had its Windows XP/Vista ravaged out by her son. She was very happy with Linux Mint until she asked me: «Where are our dog’s photos? They were stored in $randomproprietaryapplication with the extension .ads and I can’t find them».

Ooops. I wiped it. «Gimme the laptop mom, I’l, find them.»

I used foremost as follows:

foremost -v -t jpeg -i /dev/sda1 -o /media/Enermax/BKP 

According to the audit.txt file, it scanned 108GB of disk in 1 hour, and found 19517 jpegs. OMG OMG OMG.

So let’s narrow it down a bit, shall we? I made a little script that moves files bigger than a predefined size (in this case, 500000) in another directory (jpg500):

for filename in $( ls jpg/* ); do
	filesize=$(stat -c%s "$filename")
	if [ $filesize -gt 500000 ]; then
		mv $filename jpg500
echo $i

Well, here are the statistics:

  • JPEGs bigger than 500KB: 1773, only valuable pics
  • Between 400KB and 500KB: 0
  • Between 300KB and 400KB: 0
  • Between 200KB and 300KB: 776, valuable pics
  • Between 100KB and 200KB: 1441, valuable pics
  • Between 50KB and 100KB: 0
  • Between 40KB and 50KB: 1087, here you find thumbnails and crap
  • Below 40KB: 14440, crap to be shredded

So, rule of thumb, know your target. If you want to recover pics taken with your digital camera, go for the 500KB+ files. If you want to recover everything, stay above 100KB. Below 100KB, it’s only waste.

How To Recover My Files, The Very Best Way.

0. Avoid crapware.

Say, those Winblows thingies like “ImageRecall Don’t Panic”, “WinUndelete”, “Professional Voodoo”, “I Eats Dead Files”… There is absolutely no need to throw away your money. Open source software is the answer.

«Blah blah open source, what’s so special about open source, it’s hype with no facts, developers’ dream. I need working apps, for fuck’s sake!»

Well, pal, I didn’t want to call them in, but we’re talking about the  Special Investigations Office of the United States Air Force. USAF.

They needed a piece of software capable of recovering data from an unreadable hard disk.
They made it.
They released it.
They use it to discover evidences.
They mantain it, and want it bug-free, because in courthouses every evidence must be bug-free.

So, what about a cup of shut the fuck up?

1. Always try to backup first.

That’s for sure, you always can fuck it up. No software will save you from doing something really stupid. Better said: every software allows you to do something really stupid.

Let’s talk about Windows. How many times you tried to make a dual-boot system, and how many times Windows asked to check the disk, fucking its partition table with random FAT32 partitions?

So, the very first thing you can try is to burn a LiveCD and boot from it, then copy everything you can find to an external backup disk.

From now on I’m assuming you use Ubuntu’s LiveCD.

Why Ubuntu?

Because it is widespread, it supports ntfs-3g out-of-the-box and it is easy to install new packages on it.

Well, sometimes the system complains that it can’t open the partitions. Have a look with gparted or  similar applications. Maybe the partition table is damaged.

2. Try Windows tools. LOL.

Of course, if you are using Windows® Crapware© Non-Operating Systems. You can insert the installation cd, boot from CD, press R or F8, follow instructions, be left with great disappointment in seeing that nothing has changed.

(Don’t tell me you haven’t your CD because you illegally downloaded it. That would be dumb.)

Well, of course Windows tools won’t fix a shit. I only wanted to laugh at it. Go on reading.

3. Try recovering your partition table.

It will work (at least if the disk isn’t broken) and it is relatively fast.

Let’s say you did a big beautiful disk format, and later you discovered you nuked the wrong hard disk. Duh.

Well, as soon as you didn’t write anything on that disk, you can still recover the previous partitions (and files contained in them) without much hassle.

The piece of software you need is called testdisk. Grab the .deb package for your Ubuntu LiveCd herelinkgo (mind the versions!), and install it. Then launch it on the Terminal, with “sudo testdisk“.

Most of the times you’ll have to do a “Deeper Search” to find all your partitions, and use the “P” key to see if those partitions do contain your files.

Just try to remember what your previous partition table was.
Try to find the pattern among all the partitions testdisk has found.
Verify it with “P”, see that the files are the ones you’d expect to find in those partitions.
Restore the old partition table and reboot.

If it works and the computer boots, you’re done.

4. Recover files.

Well, this is what happens if you wipe out that Microsoft crapware and install Linux, then discover that you didn’t do a backup of yourt documents/images/movies/etc.

You have 2 apps to do this job: one is photorec, installed alongside testdisk. Get the info you need about it herelinkgo, I won’t describe it deeply.

The other is foremost. The one developed by USAF’s Special Investigations Office.

Grab it herelinkgo, install it on your Ubuntu LiveCD, read the man page (man foremost).

Let’s say I want to recover all JPEG files from the partition /dev/sda1, and save them to an external disk:

sudo foremost –v –t jpeg –i /dev/sda1 –o /media/ExternalHD

5. Sneer at those who lost their files with Winblows® Certified Crapware©.

This is the most satisfying part of the process.


Italian version available as PDF

Come recuperare file da un hard disk danneggiato

La Discrepanza Del †

La notizia:

La sintesi: la Corte Europea dei diritti dell’uomo etc etc ha deciso, il † va tolto dalle aule. Grandi proteste ovviamente del Vaticano, meno ovvio che anche il piddielle e il piddì difendano i due pezzetti di legno.

Il sondaggio sul giornale dei comunisti:

Come si dice in questi casi: adda venì baffone!