Recover overwritten files using grep

Posted on Wed 02 August 2017 in Linux

Anyone who has used a computer for a good amount of time has overwritten a file. A late-night mv command typo'd, a drag-and-drop misclick. Even if you stop using the drive straight away, most disk recovery tools won't look for files that have been overwritten rather than straight up deleted. But with a bit of luck, you can use one of the simplest Linux command line tools to recover your precious files!

Just a heads up before we start, this method only really works on text files. Binary files, such as music and video, are a little more difficult to search for!

The most important thing is to stop writing to the file system as soon as possible! Unplug it, power it off, STOP USING IT!

To begin with, have your device attached to a working Linux install, but unmounted. You need to know the rough length of the file, and a small amount of text from within the file. The more you can remember, the less junk you'll have to search through.

The command we'll be using is grep. Grep can search through binary files (such as block devices!) for text strings. It has a few …
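As an added example (not code from the original post), here is one way to run such a search: find the byte offset of a remembered phrase, then copy out a window sized from the rough file length. The image file, the phrase, the function names and the choice of the standard grep options `-a`, `-b`, `-o` and `-F` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. A regular file stands in for the unmounted block device so it
# runs without root; on a real disk the path would be the device node instead.

# Build a constructed 64 KiB "device": random bytes with a lost text file
# buried at byte 20000.
make_sample_image() {
    head -c 65536 /dev/urandom > "$1"
    printf 'shopping list\nmilk\neggs\nremember the cheese\nbread\n' |
        dd of="$1" bs=1 seek=20000 conv=notrunc 2>/dev/null
}

# Print the byte offset of the first occurrence of a remembered phrase.
#   -a  treat binary data as text    -b  print byte offsets
#   -o  report the match itself, so the offset is that of the phrase
#   -F  take the phrase literally, not as a regular expression
find_text_offset() {
    LC_ALL=C grep -a -b -o -F -- "$2" "$1" | head -n 1 | cut -d: -f1
}

# Copy <length> bytes starting <before> bytes ahead of the hit. The rough
# file length decides how wide a window to carve. This only reads from the
# source; redirect the output to a different disk.
carve_window() {
    start=$(( $2 - $3 ))
    if [ "$start" -lt 0 ]; then start=0; fi
    dd if="$1" bs=1 skip="$start" count="$4" 2>/dev/null
}

# Demo on the constructed image.
img=$(mktemp)
make_sample_image "$img"
hit=$(find_text_offset "$img" 'remember the cheese')
echo "phrase found at byte $hit"
carve_window "$img" "$hit" 24 50
rm -f "$img"
```

The less you remember about where the phrase sat in the file, the larger the `before` and `length` values need to be, and the more surrounding junk ends up in the carved output.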

