LinuxQuestions.org - Recovering files from an ext3 partition after forgetting to umount before removal

- Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)

- - Recovering files from an ext3 partition after forgetting to umount before removal (https://www.linuxquestions.org/questions/linux-general-1/recovering-files-from-an-ext3-partition-after-forgetting-to-umount-before-removal-632857/)

Recovering files from an ext3 partition after forgetting to umount before removal

I was backed up my system to a 500gb usb external drive and yanked out the usb cable without thinking (or checking if the files were properly transfered for that matter). After formatting and installing FC7, I plug in the drive to find it empty (was empty prior to the backup). I df the drive and it tells me the drive has a total of 460gb, 199mb used, 435gb available. The files I attempted to back up (~25gb) are there, somewhere, I think (hope).

Is there a way to recover at least part of the data? I've had a horrible day and this was the perfect end.

First thing to do is to cease using both the computer or the external drive, because your data can be recovered from possibly both. Using a data carver that searches for file signatures in every sector of a drive/partition to recover files not yet overwritten with new data regardless of new partitioning and or re-formatting. The only time a sector is cleared is when you use a zero fill utility or a random write pattern over every sector, the data that used to be there is still there until you overwrite it by downloading e-mail, etc..
When you install a new operating system in a new partition where the new partition starts in the same place as the last that contained an old OS, it will generally be installed in the same area of the drive as the old OS reducing the risk of overwriting personal data stored in another "region" of the partition.
Boot with a live CD containing testdisk package and open up a full screen terminal and issue command: photorec to recover many of the most common file formats from either or both drives. Just make sure to have another drive to write the contents of photorec's findings, which can be nearly as large as the partition itself in size on an older drive.
Any forensics CD has many useful applications to assist in stubborn situations, like the Helix CD base on Knoppix.

BTW:
Forensics CD's generally mount hard drives in read only mode, you must unmount them and re-mount in read/write mode to write to a hard drive. Some reading of the "Helix for beginners" documentation may also be helpful.