• Announcements

    • khawk

      Download the Game Design and Indie Game Marketing Freebook   07/19/17

      GameDev.net and CRC Press have teamed up to bring a free ebook of content curated from top titles published by CRC Press. The freebook, Practices of Game Design & Indie Game Marketing, includes chapters from The Art of Game Design: A Book of Lenses, A Practical Guide to Indie Game Marketing, and An Architectural Approach to Level Design. The GameDev.net FreeBook is relevant to game designers, developers, and those interested in learning more about the challenges in game development. We know game development can be a tough discipline and business, so we picked several chapters from CRC Press titles that we thought would be of interest to you, the GameDev.net audience, in your journey to design, develop, and market your next game. The free ebook is available through CRC Press by clicking here. The Curated Books The Art of Game Design: A Book of Lenses, Second Edition, by Jesse Schell Presents 100+ sets of questions, or different lenses, for viewing a game’s design, encompassing diverse fields such as psychology, architecture, music, film, software engineering, theme park design, mathematics, anthropology, and more. Written by one of the world's top game designers, this book describes the deepest and most fundamental principles of game design, demonstrating how tactics used in board, card, and athletic games also work in video games. It provides practical instruction on creating world-class games that will be played again and again. View it here. A Practical Guide to Indie Game Marketing, by Joel Dreskin Marketing is an essential but too frequently overlooked or minimized component of the release plan for indie games. A Practical Guide to Indie Game Marketing provides you with the tools needed to build visibility and sell your indie games. With special focus on those developers with small budgets and limited staff and resources, this book is packed with tangible recommendations and techniques that you can put to use immediately. As a seasoned professional of the indie game arena, author Joel Dreskin gives you insight into practical, real-world experiences of marketing numerous successful games and also provides stories of the failures. View it here. An Architectural Approach to Level Design This is one of the first books to integrate architectural and spatial design theory with the field of level design. The book presents architectural techniques and theories for level designers to use in their own work. It connects architecture and level design in different ways that address the practical elements of how designers construct space and the experiential elements of how and why humans interact with this space. Throughout the text, readers learn skills for spatial layout, evoking emotion through gamespaces, and creating better levels through architectural theory. View it here. Learn more and download the ebook by clicking here. Did you know? GameDev.net and CRC Press also recently teamed up to bring GDNet+ Members up to a 20% discount on all CRC Press books. Learn more about this and other benefits here.
Sign in to follow this  
Followers 0
Servant of the Lord

Trying to recover photos from formatted MicroSD card

17 posts in this topic

A family friend asked me to try and recover some photos from his Android phone's MicroSD card when it was accidentally reformatted. Not having done this before, I did some googling and found PhotoRec as a tool to try.

 

Using it, I successfully recovered >1000 photos! smile.png

The only problem is, all the photos are the same!? sad.png

 

It looks like a Modern Warfare cover or something - which is odd, because he's an older gentleman and isn't a gamer, afaik.

Here it is:

0bch.jpg

 

[Edit:] Yep, Modern Warfare 2's cover, but without the text or anything.

 

Multiply that by 1,376 files with different filenames, all with a filename like "f11746222.jpg". Always starting with an 'f', 8 numerical digits, and then .jpg.

 

It's possible I selected the wrong drive (It's using the linux-style names of the drives (/dev/sdc/ is the one I was doing it on), rather than Windows single-letter drive names (F:/)), I was going off of the listed size of the drives to guess which one was the MicroSD card; seeing that the MicroSD card is 16 gb, and my harddrives are both >300GB, it seems like I chose the right one. Even if I messed up, I'm fairly sure none of my harddrives have a thousand thumbnails of the MW2 cover art. But Modern Warfare 2 was recently re-installed on this computer... Not while the SD card was plugged in though (MW2 was installed two weeks ago. I was given the MicroSD card this morning).

 

Anyone have a guess what I'm doing wrong? I was expecting photos of his family.

 

Actually, I did recover one photo (and a resized thumbnail of the photo) of two women standing in front of a nice office building - guessing it's his daughters. But other than that, just thousands of duplicates of the exact same image (at the exact same resolution) of the above photo.

 

Is there a different tool you would recommend?

0

Share this post


Link to post
Share on other sites
Sell it on Ebay as a haunted MicroSD card. Or go to the gravesite of the deleted files and have an all-out war with the dead.

Or you could try this: http://www.z-a-recovery.com/. I have not personally tried it but I searched and saw people recommending it.
0

Share this post


Link to post
Share on other sites

I saw when googling that some people release fake data recovery software that damages the PC you run it on, as a prank (instead of using PC A to recover data from accidentally formatted drive B, the software reformats PC A itself).

 

I've no idea if the link you gave does that, but to be safe, I use the wikipedia-test for software downloads (if I can't find it on Wikipedia, it's to be dealt with as extra suspicious).

0

Share this post


Link to post
Share on other sites

Recuva is identifying the files (first it said >340 found, now it's only saying 102 found), but whenever I try to 'Recover' the files, it complains that: "the volume for a file has been externally altered so that the opened file is no longer valid" - which appears to be a standard Windows error message.

 

Weird that it seems like the contents of the MicroSD card is changing... the card didn't fail (afaik), it was accidentally reformatted. I wonder if it's just my MicroSD->SD->USB reader that is giving sporadic results. I'll let the card rest and then give it a try tomorrow.

 

Anyone have any insight or any other suggestions? Recuva for a moment there found a bunch of filenames, dates, filesizes, but couldn't recover the files themselves (giving the aforementioned message)... but said that their sectors weren't overwritten.

0

Share this post


Link to post
Share on other sites

Recovered a good portion of them - running PhotoRec from a Linux boot disk was able to do a much better job, and recovered almost 2000 files (mostly text XML metadata files, but at least 500 photos).

 

PhotoRec was installed by default on the Knoppix disc I had laying around. This is probably the fourth time Knoppix has come in handy.

 

Thanks for the help, gentlemen!

Edited by Servant of the Lord
0

Share this post


Link to post
Share on other sites

The big thing is most of the time it just drops the file table and leaves the files themselves alone. Recovery programs look for bit patterns that match certain file types. Unless the area of the storage was used for something else and the bits overwritten/partially overwritten, it is possible to recover files most of the time.

0

Share this post


Link to post
Share on other sites

I've used PhotoRec a few dozen times to recover data from mistakenly formatted/damaged disks, but it has always worked fine for me and never had an issue with it showing some random data that wasn't on the card. That's just weird.

 

We also used it at one of the places I work. It was one of a half dozen or so tools that were bundled into an automated scan system that all hard drives and digital media were passed through to ensure no critical data remained on the disk before disposal. If they passed the test the disks were then tossed into a modified wood chipper. If they failed then they went back for additional formatting and overwriting. Apparently SSDs have been proving troublesome and are now being melted in a three stage thermite based process. (However I have a suspicion that change in protocol was more of an excuse to use thermite in 'the office', more so than an actual valid issue on security over the wood chipper.)

0

Share this post


Link to post
Share on other sites

 Apparently SSDs have been proving troublesome and are now being melted in a three stage thermite based process. (However I have a suspicion that change in protocol was more of an excuse to use thermite in 'the office', more so than an actual valid issue on security over the wood chipper.)

Eh? shoudn't SSD's be more secure in terms of wiping data, due to how data is erased on a SSD.

0

Share this post


Link to post
Share on other sites

 

 Apparently SSDs have been proving troublesome and are now being melted in a three stage thermite based process. (However I have a suspicion that change in protocol was more of an excuse to use thermite in 'the office', more so than an actual valid issue on security over the wood chipper.)

Eh? shoudn't SSD's be more secure in terms of wiping data, due to how data is erased on a SSD.

 

 

It is "not my department" so to speak, so I'm out of the loop on actual details. The impression I got from lunch time talks with one of the techs is that this one model, of which we bought a ton of, supported this fun in disk compression buffer. Before writing data it compared the next write to its buffer and looked for data blocks that could be quickly compressed/cloned to save space. This in turn gave the techs headaches when it came to their over writing protocol software as the drive kept looking at the incoming data and saying "Hey! I have a copy of that over here in the first 5% of the drive, I'll just point to this bit of already written data..." and then not actually forcing deletes on other parts of the drive that still contained potentially sensitive data. 

0

Share this post


Link to post
Share on other sites

Here's my thoughts about the ghosting images:

The MW2 image turned out to be the same size (220x195) as a few dozen other non-family-photograph images that were mixed in with the real photographs.

I also found a Battlefield 3 cover-art image of about the same size.

 

They were probably cached on the card for some marketing purpose: Maybe as pre-installed wallpapers that came on the phone (weird resolution for a wallpaper though), maybe for some other reason. Perhaps they are the cover-art image for purchasing an app version of the game or something.

 

If the drive had hundreds of entries for files, but they got overwritten and all pointed at the same location (a single block of memory early on in the disk, for example - which might reinforce the idea that they were pre-installed for marketing reasons), PhotoRec could've ended up accidentally pulling from the same memory block hundreds of times. I don't know how filesystems are actually laid out, nor what method PhotoRec uses to recover files, so this is purely speculation.

0

Share this post


Link to post
Share on other sites

And they didnt think of trying to switch from filling with zeros to filling with a stream of ever changing random numbers?

 

Given that much of the sensitive data is frequently made up of streams of fairly random numbers, detecting the difference between a legit random data stream that was previously on the hard drive and a 'safe' random stream used to overwrite it is somewhat non-trivial. So the only data that was allowed to exist on the drives before their destruction is a series of cat photos, that way it is easy to verify that the data is in fact not fractional remains of sensitive material that was required to be fully scrubbed prior to drive physical destruction.

 

I'm sure it sounds very odd, but the protocol had the drives handled at various levels on their way out. The checks and additional scrubbing just prior to destruction were to weed out issues that were happening in levels above. If the guys handling drive destruction detected data that wasn't suppose to reach them then there was a problem upstream of them. And if they can eliminate the data that the previous department failed to, then there was a problem at the previous department that needed to be fixed/heads roll. Destruction and disposal guys get security clearance to see the data, but the data isn't suppose to have made it to them. (Reduces the ability for someone to nick a drive in transit between its department and destruction.)

0

Share this post


Link to post
Share on other sites

And they didnt think of trying to switch from filling with zeros to filling with a stream of ever changing random numbers?

 

Many SSD's these days tend to use internal full-drive encryption and simply erase the encryption key, permanently destroying all data on the drive. This approach works to the SSD's strengths by reducing the amount of writes required, and is quite efficient especially when done at the hardware level. In theory, if this was done right, there would be no possible recovery. But in practice, nothing is implemented properly and the firmware is so opaque and has so many levels of indirection that you're better off just physically destroying the drive for peace of mind happy.png

 

(just to make it clear, the encryption feature offers no security whatsoever when it comes to someone stealing your SSD, because it is built into the firmware, it exists only so that data at rest can be quickly disposed of without forcibly overwriting every last bit of information and wearing out the drive in the process, and it does not prevent you from using an additional encryption layer if you are the paranoid type)

0

Share this post


Link to post
Share on other sites

once I used Photo Rec and went in same state of affairs as you. Then my friend suggest me one utility named as Remo Recover for Android. Trust me, I effortlessly recovered my photos from Android phone SD card. You can also try this utility.    

0

Share this post


Link to post
Share on other sites

Uh, it seems that file recovery threads get more targeted spambot responses than many other topics (you see this on other forums when googling as well).
The two posts above me are spambots, and there was a third that was already removed.
 
Since my problem is resolved, could a moderator lock this thread?

For any future person having the same issue:

Using the Linux version of PhotoRec from a Knoppix install disc worked perfectly for me (and both of these are free/opensource)

For some reason (I think it might have been my cheap SD card reader which I got for free and probably cost < $2 to manufacture) the Windows version of PhotoRec wasn't doing as great a job (but is still worth giving a try).

Edited by Servant of the Lord
0

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0