To recover data in Linux a well known software is for instance TestDisk, however this time I will mention an alternative maybe not well known: Foremost: it is a utility released to public domain which was developed by the USA Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research. It is basically a data scavenger and forensic tool which – regardless of the relative file system – it will scan for specific file types, based on known headers, data structures and footers.
For instance you can scan for XLSX file types with the command below:
foremost -t zip -i /dev/sdb1 -o /restore
Here not only zip files will be scanned to but also jar ones and common Open Office and MS Office files ending in x, which basically are compressed zip files; here with
/restore we mean the output directory for restored files. As always we must restore data in different partition.
If we want just a report without recovering any data the command will be
foremost -w -t zip -i /dev/sdb1 -o /restore
Important: the output directory must be empty, otherwise we must specify the -T; this switch will create a folder starting with the specified name and appending to it the current date and time.
foremost -w -T -t zip -i /dev/sdb1 -o /restore/
Unfortunately this software doesn’t allow to look for specific files or folders, but it can be tried when other tools have failed and because is quite fast. For instance it has been useful to scan for deleted files in a Novell file system (in a old Linux OES).
Even if it should be quite obvious it has to be mentioned that this tool doesn’t work with encrypted partitions.