I just happened to unwillingly delete an important, large, encrypted binary file on my NTFS device by calling C++ write functions with the w flag. All I have done so far is unmounting the device. The file has no structure, such as headers, footers, or magic bytes whatsoever. It's just nearly 116 GB of raw binary data. The file is listed in device directory as an empty file with 0 byte size.
Is there anything I can do besides crying?
UPDATE: The filesystem is on HDD, and the HDD is not encrypted. Here is what I tried:
- I unmounted the device that contained the file (
/dev/sda3). - I used TestDisk to scan the device.
- I found an inode with a size matching my missing file (
inode_381265 -> inode_382104 125245022698). - I copied the file (inode_381265) to another device.
However, the file seems to be altered since it's not getting decrypted.
PS: The missing file is an encrypted version of a large 7z file using a custom algorithm. The encryption process is not a standard procedure, but rather a (possibly unsafe) handmade combination of XORing with a key and shifting. There is no metadata embedded in the encrypted data, just raw binary.
Appendix: Screenshot for TestDisk result:
