Thursday, April 7, 2016

Android file recovery with Linux

I just finished recovering deleted photos from an Android phone's internal memory; time to make some notes while I still remember how it went.
  • Take the phone offline. Every write to the phone's internal memory carries a risk of overwriting a portion of the deleted data, making it unrecoverable. An automatic application update at this moment is not desirable.
  • Install the Android SDK on your computer; you will need the adb tool to connect to the phone.
  • Enable USB debugging on the phone.
  • Connect the phone to the computer and run adb shell.
  • Review the disk contents.
One of the recovered photos - apparently my kid was the main user
At this point I found a hidden folder .thumbnails next to the usual photo location, DCIM. The folder still contained thumbnails for many of the deleted photos - some directly in jpg format, some inside a .thumbdata3 file.
Thumbnails from that file can easily be extracted using a Python script. Unfortunately no undelete tools are available in a default Android installation, so at that point you have two options - look for an Android app that can undelete files, or root the phone. Both options will use up some memory, potentially overwriting precious files. I decided to go with rooting.
There are a few options available for rooting; following a recommendation I used Kingo Root (requires Windows, that was probably the hardest part). It took a few minutes to finish and used up ~20 MB of memory. Next steps:
  • Find the device hosting the /data partition: adb shell mount returns a list of partitions, with device names starting with /dev/block.
  • Copy the contents of the partition to the computer. I found different suggestions:
    • Use cat /dev/block/mmcblk0p24
    • Use dd if=/dev/block/mmcblk0p9
These solutions are equivalent, with cat reported to be slightly faster.
Then the next choice:
    • Redirect shell output
    • Use busybox with netcat
Busybox requires separate installation, so I decided to go with output redirection. After following the instructions I was not able to use the extracted data. Apparently redirecting adb shell converts LF to CRLF; fortunately the conversion is easily reversible. One answer suggested using adb exec-out, but this one always returned Error:closed for me.
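One way to reverse the conversion on a multi-gigabyte dump, as an added example that is not the script used for this recovery: it streams the file in chunks, handles a CR LF pair split across two chunks, refuses input that contains an LF without a preceding CR (a sign the dump was never converted), and returns a SHA-256 of the restored image for your notes. The function names and file names are assumptions.

```python
import hashlib
import sys

def undo_crlf(src, dst, chunk_size=1 << 20):
    """Stream src to dst, turning every CR LF back into LF.

    Returns (bytes_written, sha256_hex) for the restored image. Raises
    ValueError on an LF with no CR before it: such a dump was not
    converted, and "fixing" it would corrupt it.
    """
    digest = hashlib.sha256()
    written = 0
    held_cr = False  # previous chunk ended in CR; its partner LF may come next
    while True:
        chunk = src.read(chunk_size)
        if not chunk:
            break
        if held_cr:
            chunk = b"\r" + chunk
        if chunk.count(b"\n") != chunk.count(b"\r\n"):
            raise ValueError("bare LF found: input was not CRLF-converted")
        held_cr = chunk.endswith(b"\r")
        if held_cr:
            chunk = chunk[:-1]  # decide about this CR once the next chunk arrives
        out = chunk.replace(b"\r\n", b"\n")
        dst.write(out)
        digest.update(out)
        written += len(out)
    if held_cr:  # a CR at the very end of the dump is real data
        dst.write(b"\r")
        digest.update(b"\r")
        written += 1
    return written, digest.hexdigest()

def simulate_conversion(data):
    """Constructed stand-in for the LF -> CR LF conversion, used for testing."""
    return data.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    # Usage: python undo_crlf.py converted.dd restored.dd  (placeholder file names)
    with open(sys.argv[1], "rb") as fin, open(sys.argv[2], "wb") as fout:
        size, sha = undo_crlf(fin, fout)
    print(f"{size} bytes written, sha256 {sha}")
```

The reversal is exact because every LF in the converted stream has an inserted CR in front of it, so an original CR LF arrives as CR CR LF and comes back as CR LF.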
After reversing the CRLF conversion I had the partition dump. The following tools can be used to recover data:
  • testdisk allows opening the dump file and recovering deleted files from the partition. I was able to recover 448 usable photos with it. There were more deleted entries, but their data was already unavailable.
  • photorec analyzes the entire partition, looking for files and validating their content. For me it recovered 1700 images, however many of these were from browser cache. It also recovered some photos that testdisk did not find.
  • Mount the file as a regular partition and use other tools. The exact command was mount -o loop,ro,noexec,noload mmcblk0p24.dd mnt, with the extracted file and the mount point as parameters.
That's it.

Interestingly, many of the pages devoted to Android photo recovery listed kids as the cause of photo loss. Sometimes making a function too easy to use might not be the best thing to do.