Have you often encountered situations when you needed to recover data? You accidentally deleted the file, but when it was too late you changed your mind, but did not know how to restore it, as an option you installed the operating system and, out of ignorance of the disk layout, formatted the disk with all data, music, movies, home photos and other other data. You are in despair not knowing whether it is possible to restore everything bit by bit, but this is only the smallest part of solving the consequences of the problem that arose, data in Linux can be restored and there are utilities for this, both paid and free, and today we will discuss 7 utilities that will help in recovery data in ubuntu linux.
Partially, of course, this all helped, but most of the data was still lost, but imagine the situation, you are a student, preparing a term paper, there is a week or two left before passing, and you flew HDD on which your term paper was, what to do in this situation.
I know that many users are accustomed to working with a graphical interface from the time they worked on the system, but today we will also discuss console utilities, since many of them help in recovery no worse, and in some situations even better.
Scalpel is a set of tools for quick recovery files. A unique utility, its uniqueness lies in the fact that it does not depend on the file system in any way. The utility searches the database for files of all known formats and tries to find them on the disk according to its own patterns, looking at the beginning and end of the file. It can help in recovery in such file systems as FATx, NTFS, ext2/3, also from "RAW" partitions.
the utility works according to its internal template /etc/scalpel/scalpel.conf, if you want to restore files of a certain format, you should open the config and uncomment the corresponding lines for of this type files. When editing a config template, you need to be very careful not to break it and not delete anything superfluous.
recovery directory" dir_recovery"must be empty, file.iso this is an example of the data that we need to restore, we know that we had such an image with exactly the same name, we can specify not only the file directly, but we can also specify the full path to the device from where we need to restore, like /dev/sdb1/directory_name/directory_name2/filename.
R-Linux is free program for restoring Ext2/Ext3/Ext4 FS file systems used in Linux and some Unix operating systems (OS). Used in R Linux The Scanning technology and easy-to-set parameters interface of the program gives the user absolute control over the data recovery process. The program recovers data from existing logical drives even if the file records are lost. However, the program lacks the ability to recover data over the network, as well as the functionality for reconstruction disk arrays and data recovery.
There are two versions of the R-Linux utility: for Linux OS and for Windows OS. They have the same functionality, the difference is only in the host OS.
If you do not understand something about the application, you can read reference guide the links / manual is quite extensive, you will find answers to many questions.
You can download the file for your architecture from the link - , then to install, open the terminal and run the commands:
cd ~/Downloads/ cd ~/Downloads/ sudo dpkg -i rli*
after the installation is completed, look for the application in ubuntu menu - System Utilities - R Linux, after the first launch you will see an English-language application, do not be alarmed, support for "Russian" is also present. Go to Help menu - Interface Language, and select Russian, done.
If you need to restore files, connect a flash drive as an example, you saw that the flash drive was detected, on the Ubuntu sidebar, click the refresh button in the application to see your media. Next, select the section of our flash drive with the mouse cursor and click the " Scan".
As you can see, we are offered to configure scanning parameters in more detail, whether to search for known file types, whether to keep a log, where to specifically search, you can specify from which byte segment you should start scanning, from 0 according to the standard, or you can specify your data.
Scanning has been started, we wait until it is completed, we do not cancel in any case, sometimes it can end badly for a flash drive. The scan is completed, then we see the following picture:
below our flash section there is an area called " Found by signatures", click on this section with the mouse cursor and you will see a new window:
click on the line " Files found by information about typical features of their data structure". After clicking on this link, we will see something like this:
select the directories you need and click the button " Restore Marked", I checked for the sake of the test, the utility works well, try it and unsubscribe according to the result as it is in practice in a real situation when data is lost, files are deleted, and so on.
Paid utility, but it's worth it as it will help out even the most difficult situations, you can buy on the official website -. Advanced utility, the best among data recovery utilities, works with NTFS, NTFS5, ReFS, FAT12/16/32, exFAT, HFS/HFS+ (Macintosh), Little and Big Endian variants of UFS1/UFS2 (FreeBSD/OpenBSD/NetBSD) /Solaris) and Ext2/Ext3/Ext4 FS (Linux). R-Studio also uses file recovery by signatures (search when scanning files of known types) for badly damaged or unknown file systems. The program allows you to recover data both locally and on remote computers over the network, even if disk partitions have been formatted, damaged or deleted.
R-Studio includes:
Of course, not all data recovery utilities are described above, there is also a list with such utilities as Unrm, Giis, Ddrescue, DMDE, PhotoRec, Mondo Rescue and Safecopy, I described only the main ones, about other utilities and their capabilities, I would advise you to read the material - . On this, perhaps, we will end the material, there will be questions, ask, clarify and leave feedback about the utilities used by which you recovered data, maybe what you use is not in the article, describe in the comments what you use.
V. Kostromin (edited by Vanderboot)
The other day, during a small revision of the contents of my site, I came across a translation of the article "10 ways to recover deleted files in linux", the original version of which is dated June 21, 2007. After re-reading the article and trying to follow the links provided in it, I found that some of the links do not work at all (the developers' sites on the network have disappeared), and some of the utilities mentioned in the article have not been updated and are not supported for a long time.
The idea was to see what tools to recover accidentally deleted files exist at the moment. I believe that interest in the means of this kind has not disappeared over the past years. After all, novice Linux users (as well as other operating systems, by the way) often find themselves in a situation where, by mistake caused by inexperience, they delete some files and immediately realize that they did not delete what they wanted. Or maybe they didn’t want to delete something at all.
In addition to cases of erroneous deletion of data, situations are possible when the media turns out to be corrupted, bad sectors appear on the disk, and so on. In such situations, data recovery tools are also needed.
I want to warn you right away that everything stated below has not been personally verified by me and is based only on information published on the developers' websites or in articles with descriptions of the relevant products. And, of course, only freely distributed products are considered in the article. If you are interested in paid (proprietary) products, you can easily find them yourself.
So, here list of utilities for recovering lost data, which I managed to find (the data is current as of November 10, 2010).
In addition to those listed in some articles, utilities are also mentioned. Magicrescue And ntfsundelete from the ntfstools package.
This list can be very useful if you find yourself in a situation where you need to recover data from a damaged media. And it is desirable to master at least some of these tools before there is an urgent need for their use. To do this, it makes sense to test them on artificial examples deleting files, as done in one of the notes in the list of sources.
In conclusion, a few tips, maybe trivial, but certainly useful, on how to try to avoid getting into an unpleasant situation when the use of the above means is required. First, you can make it harder to accidentally delete a file or directory. To do this, make sure that instead of the command rm the command was called rm-i. You can do this with the alias command like this:
Alias rm="rm -i" Then you will be asked an additional question before performing the removal if you really want it.
Second tip: back up your data as often as possible, every day or even every hour. If you follow this advice, then in the worst case, you will lose only the results of your work that you received during the last hour. And the data recovery procedures in this case will be much easier to perform. You can automate the execution of these procedures using cron and the utility rsync by arranging periodic copying of important files and directories to another disk or partition. Or you can use the Mondo Rescue utility mentioned above. By the way, you will learn how to use it, which can be useful in case you need to recover data in an emergency.
And third: before you start trying to recover deleted files, make a copy of the partition in which these files were located, and work with it, and not with the original partition. If you make a mistake again during the recovery process, you can start all over again. If you work with the original partition, you can damage the data irrevocably. You can make a copy of a partition using the command dd(You can read about the use of this command in A. Dmitriev's article "dd: A command that is not like the others").
It is also worth recalling that there are special Linux distributions that run from CD or other removable media and contain a bunch of administration utilities, including data recovery tools. Examples of such distributions include SystemRescue CD and Trinity Rescue Kit.
I believe that the above list will also become obsolete after some time, as happened with the list given in the article mentioned at the beginning of this note. But there will be new means, maybe more advanced. Check back occasionally at the Linux Software Catalog to keep up to date, or better yet, help keep this catalog up to date. Then in any emergency or regular situation, you or another Linux user will be able to find the necessary means and tools to solve their problems.
ABOUT data recovery from file systems Linux didn't write only
lazy. To accomplish this task, there are many different
tools, including the debugfs utility, which easily retrieves any shabby
files from ext2. But what about other FS? How to recover a lost file from
a flash keychain or a nearby NTFS partition? Even the most silent about it
hardworking bloggers. And meanwhile, everything is very simple and prosaic.
It is not always convenient to reboot into another operating system to perform
actions to check file systems, restore files, resize
partitions and perform other data operations. Imagine that there are several
two years have been installed on your computer OS: Windows and Linux. the first
you upload very rarely and only in emergency cases, the second you use
every day and you are already thinking about the complete transition to Linux and the removal of Windows, here
only an NTFS partition that stores data accumulated over the years should be converted to ext3
not possible with any tools. You have to keep two operating systems, because
even though the NTFS partition is accessible from Linux (using ntfs-3g), to solve problems
the file system will still have to be rebooted into Windows.
And if the FAT file system on the Flash drive is covered? Again
reboot into Windows? Or you accidentally deleted a file in the UFS file system,
belonging to a nearby installed FreeBSD? Maybe you are a system
administrator, and disk for Windows Recovery didn't show up at the right time
at hand? I will answer all questions at once: almost all actions upon returning from
non-existence of FAT, NTFS, UFS file systems, recovery of files stored in them,
diagnostics and much more can be done without leaving Linux. From this article
you will know how to do it.
Before proceeding directly to the description of the recovery process,
diagnostics and return of dead files to life, I consider it my duty to acquaint
you with a list of tools used. First, we will need
tools for working with file systems (creating, checking, receiving
information). All of them are distributed in three packages:
1. dosfstools- Utilities for working with FAT file systems.
The package contains only two programs: mkfs.vfat (mkfs.dos) for creating a file
system and fsck.vfat (fsck.dos) to perform a file system check.
2. ufutils- a set of utilities for working with UFS and derivatives (for example,
FFS used by FreeBSD). Contains eight utilities, including mkfs.ufs,
fsck.ufs, tunefs.ufs (FS tuning), growfs.ufs (resizing) and others.
3. ntfsprogs- various utilities for working with NTFS. Does not contain
programs to create or complete check (basic check is possible) file
system, but includes a mass most useful tools, such as ntfscp for
copying files without mounting a partition, "reincarnation" of files ntfsundelete,
ntfsresize partition resizing tool, cloning tool
ntfsclone partitions and others.
We may also need tools for working with hard disk partitions.
disk. There are three most advanced programs of this type:
parted,
designed to create partitions, resize them, move them,
creating and checking file systems;
gpart-
program-recoverer of the erased partition table and
Test Disk-
similar to gpart with a pseudo-graphical interface and a few useful features.
It should be noted that parted is just a good wrapper on top of the described utilities.
to work with filesystems, so pretty much anything that parted can do can and
They. Moreover, there is another wrapper around parted itself, called
. She
just creates a user-friendly GTK GUI in the style of Partition Magic.
In the TestDisk package you will find the PhotoRec utility for
recovery various types files from the partition, regardless of the used
file system. The principle of its work is to find and restore files
by their metadata without analyzing the structure of the file system. PhotoRec is capable
recover images (bmp, jpg, png, tiff, raf, raw, rdc, x3f, crw, ctg,
orf, mrw), audio files (wav, au, mp3, wma), video files (avi, mov, mpg), archives
(bz2, tar, zip), documents (doc, pdf, html, rtf), source code files (c,
pl, sh). A number of programs of the same type can be found in the package
Sleuth Kit for which
there is an autopsy web interface.
In the following sections, we'll look at a few common scenarios.
using the described utilities. First, this detailed description process
file recovery using three different approaches, secondly, fixing
file systems after a crash, thirdly, cloning a partition to multiple machines,
fourthly, a description of the process of transferring data to a smaller partition.
To revive dead files on NTFS, the already mentioned
ntfsundelete from the ntfsprogs package. It is very easy to use and extremely
neat. If you accidentally wiped a file and immediately unmounted the partition, be
sure - ntfsundelete will be able to return it to its place safe and sound.
First you need to view a list of all deleted files:
# ntfsundelete /dev/sda1
The third column of the output will indicate the percentage of file safety. If he
equal to 100% - everything is OK, the file can be brought back to life safe and sound;
a lower value indicates that some of its parts have already been overwritten
new data, so after recovery the file will be, as they say,
broken. In some cases, the possibility of restoring even a half-killed
file can make the weather, but for now let's focus on completely whole copies.
To do this, run the following command:
# ntfsundelete -p 100 /dev/sda1
Wow, how many of them! We will force the program to display only files,
deleted in the last 2 days:
# ntfsundelete /dev/sda1 -p 100 -t 2d
That's better. Restore the file whose inode number (first column of the output)
is 11172, to the /undeleted directory:
# ntfsundelete /dev/sda1 -u -i 11172 -d /undeleted
Files can be restored by mask:
# ntfsundelete /dev/sda1 -u -m "*.doc"
Filter by length:
# ntfsundelete /dev/hda1 -S 5k-6m
Or you can recover all deleted files, and only then figure out
what is what:
# ntfsundelete /dev/sda1 -u -m "*" -d /undeleted
The program extracts files with all attributes, including name and creation time.
It is a pleasure to use it.
To recover data from all other file systems, including FAT, UFS,
EXT3, and any other, it is most convenient to use PhotoRec. We launch
program:
In the main menu, select the experimental device (for example, / dev / sda). Click
partition, and on the next screen the file system type (ext2/ext3 or other).
Set the directory where we want to put the recovered files and press "Y".
The directory must be on a different partition/disk, otherwise you run the risk of aggravating
situation, overwriting deleted files with new data.
Everything, the recovery process has begun, it can last from 10 minutes to
several hours, depending on the "old age" of the file system and the number of
deleted files. You can stop the process at any time by clicking
resume it from where it left off by restarting PhotoRec.
In the directory of your choice, you will find a lot of subdirectories with names like
recup_dir.1, recup_dir.2, each containing a large number of files
different type. PhotoRec does not restore names, so you have to tinker with
raking this whole heap.
PhotoRec also has other disadvantages:
Therefore, in addition to photorec, it is necessary to have other means at hand.
analysis and recovery of lost data. The best in this field is
Sleuth Kit utilities,
containing a huge number of a wide variety of tools that love
use in their work various services for investigating incidents of hacking and
advanced system administrators. We are far from it, and we are interested in
only two utilities from the whole set: fls and icat, designed to search and
extracting files (both existing and deleted).
Let's view the list of deleted files using the fls utility:
# fls -rd /dev/sdb1
r/r*117: dsc0005.jpg
r/r*119: dsc0006.jpg
r/r*122: dsc0007.jpg
r/r*125: dsc0008.jpg
r/r*128: dsc0009.jpg
The "-r" flag causes the program to recursively go through all directories, and "-d"
- show only deleted files.
Most likely, the listing will be very long, and it will also contain a list
inodes that have already been given to other files (the realloc line in the third
column), so we filter it and send it to less:
# fls -rd /dev/sda1 | grep -v "(realloc)" | less
In the third column you will see the inode numbers, and in the fourth - their names.
To extract a file from the FS, use the icat command (the "-r" flag is for
to recover a deleted file):
# icat -r /dev/sda1 1023 > /home/vasya/tmp/my_file
To restore all files, you can use the following command:
# for i in `fls -rd /dev/sda1 | grep -v "(realloc)" |\
awk("print $3")|tr -d [:]`; do icat -r -f fat /dev/sdb1 $i >\
/home/vasya/tmp/inode-$i ;done
If you want to find a specific file, then the output of fls can simply be "warmed":
# fls -rd /dev/sda1 | grep -v "(realloc)" | grep my_file.jpg
The great thing about the Sleuth Kit utilities is that they use
a wide variety of methods for searching for deleted files and their parts. This and
analysis of file system control structures, and various heuristic methods,
and pattern matching. In fact, with the Sleuth Kit it is possible to return to
life, even files overwritten on ext3 (despite the fact that the ext3 developers themselves talk about
the impossibility of carrying out such an operation).
Fix broken file system very simple. Enough
use the standard fsck.vfat utilities (for FAT12 file systems,
FAT16 and FAT32), fsck.ufs (for UFS, UFS2, FFS), and ntfsfix (for NTFS).
Unfortunately, ntfsfix is unable to completely fix NTFS. She only fixes
some of its problems and sets the forced file check flag.
system, so that the next reboot into Windows will launch
chkdsk for full FS check.
Using virtual machine, we can avoid the need to reload in
Windows. For this:
Let's say you bought a new hard drive and want to move some partitions
from the old disk to the new one. If you start doing it the standard way,
through creating a new partition and manually copying files, then you risk having
a lot of problems related to filename encodings, special files,
protected files, and you will lose a lot of time. It is better to use the method
partition cloning.
UNIX users clone partitions with standard utility dd, which
can be used in conjunction with any file system. To do this on a new disk
a partition is created that is identical in size to the source, and the command "dd if=partition1
of=partition2 bs=1m". In the same way, you can copy an NTFS partition, but in a package
ntfsprogs is a better utility for this purpose.
The ntfsclone program is identical in functionality to the dd command except for
two features. First, it does not copy unused portions of the file
system, and the movement is faster, and the partition image (if you create
image) takes up less space. Secondly, ntfsclone is able to store the image in
special compressed file which is convenient to transfer to other machines.
To clone a partition, just run the following command:
# ntfsclone --overwrite /dev/hda1 /dev/hdb1
And to create an image:
# ntfsclone --save-image --output backup.img /dev/hda1
The ntfsclone utility is especially handy if you decide to copy the installed
Windows on a whole fleet of other machines (classroom or office). For this
it is enough to install Windows on one machine and create an image, which then
can be laid out in a ball and with using Linux LiveCD pour on other machines. To
they were able to boot, you will also have to copy the disk's MBR record:
# sfdisk -d /dev/sda > /share/sda-sfdisk.dump
# dd if=/dev/sda bs=512 count=1 of=/share/sda-mbr.dump
And then write it to the disk of all machines:
# sfdisk /dev/sda< /share/sda-sfdisk.dump
# dd if=/share/sda-mbr.dump of=/dev/sda
What to do if you decide to completely switch to Linux, but do not want to
use various tricks and ntfs-3g to access your old data,
located on an NTFS partition? After all, this section can occupy most of the
disk, and there is no way to simply copy its contents to a new
partition formatted in ext3/ext4. In this case, they will come to your aid again
utilities from the ntfsprogs package, or rather one of them - ntfsresize, which will allow
copy data in small portions to a new file system, and then
reducing the size of the NTFS partition and increasing the ext3 / ext4 partition. For this you
you will need some kind of LiveCD containing ntfsprogs and e2fsprogs at least version
1.41 (for ext4 support, if you are going to transfer data to
her). It is also very desirable that the LiveCD contains a fresh gparted, because
that manually resizing is difficult and dangerous (other than resizing the file system itself,
have to resize the partition using fdisk, one mistake and the whole operation
will have to start over).
So, we boot from the LiveCD and mount the hard disk partitions. Let's say it
the size is 120 GB. Of these, 80 GB is a fully stuffed NTFS partition, and
the remaining 30 GB (yes, exactly 30, after the transfer of marketing gigabytes to
the real volume of the disk turns out to be approximately 111 GB) - this is a partition with
installed Linux, which is occupied by 5 GB. So our window
equals approximately 25 GB. Move files from NTFS partition to ext3/ext4 partition
until their combined size is equal to the size of the window. As a result
the latter is completely filled, and the first "loses weight" by 25 GB.
Unmount both partitions and run gparted. Select the NTFS partition, click the second one
mouse button, select Resize/Move and reduce the section to the size of the window, select
ext3/ext4 partition and increase it by the same window size (the partition will have to
move to the beginning of the disk, and then increase). So we get another 25 GB
freed space, which will allow us to copy some of the files, and then again
resize. Four such passes, and we completely delete the NTFS partition, and
the ext3/ext4 partition is expandable to the entire disk.
As you can see, Linux can not only work with many third-party
file systems, but is also equipped with a mass of utilities for modifying them, carrying out
diagnostics and other operations. You will never find yourself in a hopeless
situations, keeping a LiveCD at hand on Linux-based, which is just that
the most holy grail of any system administrator and user.
Foremost, another popular software for
restoring files by templates.
www.sysresccd.org -
The System Rescue CD contains all the programs mentioned in the article.
I will share a small find, a small program for recovering deleted files. Some time ago it was very necessary, but then I did not find the Scalpel program, unfortunately. In my opinion, of all the methods known to me, this is one of the simplest. Scalpel came from the .
And so the fans of rm -rf are dedicated to:
First and foremost, no one guarantees that Scalpel will be able to recover your files, but chances are there.
Installation (since Ubuntu is installed on the test machine, I will talk about it):
sudo apt-get install scalpel
sudo nano /etc/scalpel/scalpel.conf
…
doc y 10000000 \xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00\x00 \xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00\x00 NEXT
doc y 10000000 \xd0\xcf\x11\xe0\xa1\xb1
…
pdf y 5000000%PDF %EOF\x0d REVERSE
pdf y 5000000%PDF %EOF\x0a REVERSE
…
Now you can start recovery:
scalpel /dev/sda1 -o output
[email protected]:~$ mount
/dev/sda1 on / type ext3 (rw, relatime, errors=remount-ro)
proc on /proc type proc (rw, noexec, nosuid, nodev)
/sys on /sys type sysfs (rw, noexec, nosuid, nodev)
varrun on /var/run type tmpfs (rw, noexec, nosuid, nodev, mode=0755)
udev on /dev type tmpfs (rw, mode=0755)
devshm on /dev/shm type tmpfs (rw)
devpts on /dev/pts type devpts (rw, gid=5, mode=620)
lrm on /lib/modules/2.6.24–21-generic/volatile type tmpfs (rw)
/dev/sda2 on /home type ext3 (rw, relatime)
After working out, go to the output directory and see what is there:
[email protected]:~/output$ ls -l
-rw-r--r-- 1 root root 28189 2009–03–24 14:42 audit.txt
drwxr-xr-x 2 root root 4096 2009-03-24 14:42 doc-3-0
drwxr-xr-x 2 root root 4096 2009-03-24 14:42 doc-3-1
drwxr-xr-x 2 root root 4096 2009-03-24 14:42 doc-3-2
drwxr-xr-x 2 root root 4096 2009-03-24 14:42 doc-4-0
…
drwxr-xr-x 2 root root 4096 2009-03-24 14:42 pdf-5-0
drwxr-xr-x 2 root root 4096 2009-03-24 14:42 pdf-6-0
…
The audit.txt file stores information about the recovery:
[email protected]:~/output$ cat audit.txtScalpel version 1.60 audit file
Started at Tue Mar 24 14:16:04 2009
command line:
scalpel /dev/sda1 -o outputOutput directory: /home/username/output
Configuration file: /etc/scalpel/scalpel.confOpening target "/dev/sda1"
The following files were carved:
File Start Chop Length Extracted From
00053045.doc 183664640 YES 10000000 sda1
00053046.doc 183971840 YES 10000000 sda1
…
00050372.doc 203272192 NO 208896 sda1
00050373.doc 203481088 NO 229376 sda1
…
Completed at Tue Mar 24 14:42:41 2009
We look into the nested directories and see (if we're lucky) our files:
[email protected]:~/output/doc-3–0$ ls -l
total 25564
-rw-r--r-- 1 root root 307200 2009–03–24 14:42 00050348.doc
-rw-r--r-- 1 root root 40960 2009-03-24 14:42 00050349.doc
-rw-r--r-- 1 root root 4354 2009–03–24 14:42 00050350.doc
-rw-r--r-- 1 root root 466686 2009–03–24 14:42 00050351.doc
-rw-r--r-- 1 root root 176128 2009-03-24 14:42 00050352.doc
…
Source - HowtoForge (free translation).
I'll add from myself Scalpel restored far from everything, of course. But a lot, I even forgot about some files already. It works very slowly, eats almost the entire processor during operation.
Scalpel can work with FAT, NTFS, ext 2/3 file systems, that is, you can recover data from win-partitions.
And finally, best way restore very important files is:
1. Make backups.
2. It is very good to think before removal.
Happy data recovery!
Recovery of deleted data is real until you overwrite other information in their place. This is true for any media, so in Mint and other builds of Linux or Windows return erased files are produced according to the same scheme, only the tools differ. Below you will find instructions for working with some programs that are great at recovering deleted data on Linux.
The utility, as the name suggests, was created specifically to search for deleted photos. However, over time, the application has turned into a powerful program that finds and returns files of various formats from oblivion. The only condition for successful recovery of deleted data is that nothing should be written in their place. Therefore, immediately after the loss of files, you must stop working with the disk from which they were deleted. Copying new files, changing the password - nothing worth doing.
Photorec is distributed free of charge as part of the TestDisk package and does not require a registration key. To install it on Linux Mint or another version, open a terminal and run "sudo apt-get install testdisk". To run the program, use the "sudo photorec" command.
The main rule of recovery - never save files to the partition from which they were deleted. It is better to use removable media, when the recovery is completed, just transfer the data back to the system. All data that Photorec manages to find and recover will be in the folder you specified in the last step. The file names will change, so some time will have to be spent on parsing the data, but this is not as critical as the loss of important information.
