ntfsundelete (belonging to ntfsprogs) makes it possible to do this from Linux.
ntfsundelete -h for help
ntfsundelete -s, --scan
Search through an NTFS volume and print a list of files that
could be recovered. This is the default action of ntfsun‐
delete. This list can be filtered by filename, size, percent‐
age recoverable or last modification time, using the --match,
--size, --percent and --time options, respectively.
The output of scan will be:
Inode Flags % age Date Size Filename
6038 FN.. 93% 2002-07-17 26629 thesis.doc
│Flag Description │
│F/D File/Directory │
│N/R (Non-)Resident data stream │
│C/E Compressed/Encrypted data stream
Look for deleted files on /dev/hda1.
Look for deleted documents on /dev/hda1.
ntfsundelete /dev/hda1 -s -m '*.doc'
Look for deleted files between 5000 and 6000000 bytes, with at least
90% of the data recoverable, on /dev/hda1.
ntfsundelete /dev/hda1 -S 5k-6m -p 90
Look for deleted files altered in the last two days
ntfsundelete /dev/hda1 -t 2d
Undelete inodes 2, 5 and 100 to 131 of device /dev/sda1
ntfsundelete /dev/sda1 -u -i 2,5,100-131
Undelete inode number 3689, call the file 'work.doc' and put it in the
user's home directory.
ntfsundelete /dev/hda1 -u -i 3689 -o work.doc -d ~
- ► 2013 (33)
- ► 2012 (29)
- More privacy when on internet
- Dependency problems with pacman3.5.1
- Create partition backup using SystemRescueCD and F...
- Undelete deleted files on NTFS partition or HD
- Run firefox in a sandbox for more security
- Deluge permission problems storing to ntfs drive
- Test your hd speed
- Pilaunch Dmenu like starter
- Paccheck tools to control mirrors
- ▼ March (10)
- ► 2010 (90)
- ► 2009 (62)
- ► 2008 (123)
- Exclusion of liability Regarding StillStupid: The use you make of the guides, tips and downloads that you listed on this web site or on another website to which I refer is entirely at your own risk. In no way can I be held liable for damage or consequential damages of any kind, which occurs as a result of that use.