Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Files copied to USB thumb drive completely gone
- Date: Mon, 2 Nov 2009 22:41:37 +0900
- From: Kalin KOZHUHAROV <me.kalin@example.com>
- Subject: Re: [tlug] Files copied to USB thumb drive completely gone
- References: <4AEED4A8.8050601@example.com>
On Mon, Nov 2, 2009 at 21:46, Dave M G <dave@example.com> wrote: > TLUG, > > Do USB thumb drives wear out and just die? They do, especially the cheap ones. But once they die, you cannot write anything to them. > I have a laptop that I don't like to keep any data on. But during the > last week while my main desktop computer was out of commission, I was > using my laptop to continue some work. > > Today I decided to take all the files I have been working on with my > laptop, copy them to my 2GB USB thumb drive, and then transfer them to > my desktop computer. > > I copied and pasted them, and everything seemed normal. Did you accidentally forget to sync the contents and just yanked the USB? Not sure about windoze, but normal Linux kernel needs a few seconds to start syncing on USB drives. There are some patches (for laptops) that keep everything in the memory and write it minutes later. > Later, when I got home, I connected the USB drive to my home computer > and... nothing. It's completely blank. Wiped clean of any files. There's > one hidden directory called "Trash-1000", and it's empty. > > Did I accidentally copy my files to another directory? I opened up the > laptop, and the files are nowhere to be found there either, despite > extensive searching. > > I didn't run any delete commands or anything, so is there any way these > files might just be hidden? If you haven't played too much with the laptop after you "moved" the files, they are still on the laptop hard drive and can be recovered with the proper software. That is expensive though and will require some skill if you are to do it yourself. If the files were important, your best bet is to stop using your laptop immediately, create a full image of the hard drive and work on it to try to recover the files. This is what I do very often (I am digital forensic professional), but it is not an easy to explain process. The short version: 1. boot with SysRescueCD or something 2. connect external drive (eSATA preferable) 3. create an image with dcfldd (or dd) to a file on the external drive 4. make a copy of that file (so you don't destroy it by accident) 5. use some tool like sleuthkit to recover files from the image 6. alternatively use foremost or other file carving tools > Or is that being optimistic? It is, a bit :-| Kalin.
- Follow-Ups:
- Re: [tlug] Files copied to USB thumb drive completely gone
- From: Curt Sampson
- Re: [tlug] Files copied to USB thumb drive completely gone
- References:
- [tlug] Files copied to USB thumb drive completely gone
- From: Dave M G
- [tlug] Files copied to USB thumb drive completely gone
- Prev by Date: Re: [tlug] Files copied to USB thumb drive completely gone
- Next by Date: Re: [tlug] Files copied to USB thumb drive completely gone
- Previous by thread: Re: [tlug] Files copied to USB thumb drive completely gone
- Next by thread: Re: [tlug] Files copied to USB thumb drive completely gone
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |