cgsecurity
commented
4 years ago It's a known limitation, PhotoRec doesn't try to detect flac filesize.
Closed HinTak closed 4 years ago
cgsecurity
commented
4 years ago It's a known limitation, PhotoRec doesn't try to detect flac filesize.
HinTak
commented
4 years ago I thought it is just up to 4k padded (the ext4 extent size), so I wrote a program to remove the padding. That got me only 40 of the 900 flac's marched to the original. Quite a lot of them have more than 4k nulls at the end.
So how much is Photorec likely to over-carve?
cgsecurity
commented
4 years ago For flac files, PhotoRec stops the recovery when a new file is found. So it may over-carve a lot!
HinTak
commented
4 years ago Okay. Thanks.
I have a bunch of flac audio files recovered from an accidental
rm -rf. Since they have meta data inside, I can see if I have the original elsewhere. I found the original, and found that the carved file is almost 2k larger, and the extra at the end is all nulls.Original: 7555173 bytes Carved: 7557120 bytes
This is on a 1GB ext4 disk, so I assume it is probably just padded to the next 2k or most likely 4k when it was written.
The extra null does not bother
flac -t.This is with git head from a week or so ago.