Retrieve lost content
catting the hard drive (not the files we have inside the media folder)
strings /dev/sdb
xxd /dev/sdb | grep -v "0000 0000 0000 0000 0000" #hexviews
grep -B2 -A2 -a '[a-z0-9]{32}' /dev/sdb #better for recovering
#check if one of them exists on the target machine
which dd
which dcfldd
ssh [email protected] "sudo dcfldd if=/dev/sdb | gzip -1 -" | dcfldd of=pi.dd.gz
gunzip -d output.gz
binwalk something.dd
binwalk -Me something.dd ##extract files
1. testdisk something.dd
#follow the default > list
2. photorec something.dd
:whole partition
Last modified 11mo ago