Identifying the type of a file
After the ant attack, i was installing windows xp on a fresh partition. While doing the installation, windows xp install executed chkdsk, and did some really stupid thing. It somehow manage to detect some errors on other partition as shown below :
Unrecoverable error in folder \FolderName.
Convert folder to file (Y/N)? Yes
It never asked me if I wanted to correct this error ! It itself corrected the errors! As a result, the entire folder got converted to a file called FolderName which of 32kb in size. The same thing was done for around 12 to 13 folders. (got this info from the event log)
And the content of the folder ??? gone. vanished.
Later, I found that CHKDSK had created a folder called FOUND.000 in the root directory of that drive, and it contained tons of files serially numbered…
FILE0000.chk
FILE0001.chk
FILE0002.chk
and so on….
So, basically, it had taken the content of the folder (the lost one), and created these files.
Now, the data was present, but the task was to Identify the type of the file. Around 4K plus files were created. Not all of them were important, but some were, and they were quite big. Eg, My old mail archives - PST file…. or some JPG photos that I had clicked with my digi cam!
I was looking for some tool or program which could identify the type of a file. And my search ended up with a tool called TrID.
Its a very good tool, and here is the description from its readme file.
TrID is a utility designed to identify file types from their binary
signatures. While there are similar utilities with hard coded rules,
TriID has no such rules. Instead, it is extensible and can be trained
to recognize new formats in a fast and automatic way.TrID uses an XML-based database of definitions which describe
recurring patterns for supported file types.You can help creating new definitions!
Just run the TrIDScan module against a number of files of a given type.
The program will do the rest.
Basically there are three versions available..
1. Command line version - good for batch jobs.
2. GUI version - TrIDNet - based on .net - so you need the .net framework installed.
3. The online version. - You can upload a file, and get to know the type of the file.
Hope this info becomes useful in case you find a need for such a utility.
So, now, 100% recovery is possible, but, its a painful process. Maybe I should write some code which automates the renaming part!
3 comments | August 22nd, 2005 at 11:18pm