Scalpel
This is a filesystem-independent recovery tool for Linux and Mac OS, which you can also run on Windows by compiling it with MinGW. The latest version is 2.0. Install it in Fedora with
# yum install scalpel.
Next is some text editing — the configuration file is /etc/scalpel/scalpel.conf. You will find that everything has been commented out — uncomment the specific file format that you want to recover. For example, if I want to recover a deleted zip file, I will uncomment the .zip file section in scalpel.conf, as shown in Figure 1.
Figure 1: Scalpel.config file
Next, in a terminal, run:
# scalpel [device/directory/file name] -o [output directory] |
The output directory, in which you want to store recovered files, should be empty before running Scalpel; otherwise, you will get an error.
Foremost
Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on disk or partition image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive.
The headers and footers can be specified by a configuration file, or you can use command-line switches to specify built-in file types. Install in Ubuntu and its derivatives with the following command:
# yum install foremost |
There are a lot of options available. For example, to search for a deleted JPEG file, use:
# foremost -t jpg -i /dev/sda1 |
The -t (“type”) option can be given as -t all to search for all file types. Multiple file types are comma-separated, like -t jpg, pdf. The (required) option -i is the base device/directory for the search. You can also specify an output directory with -o.
Referrence :- http://www.linuxforu.com/2011/09/recover-deleted-files-in-linux/
