Lately, I was alerted that all pictures on the digital camera in our home had been accidentally deleted. The last transfer of pictures from the memory card to a stationary computer had been two months ago, so there were a lot of pictures at stake. The camera had been shut down immediately when the deletion process had been detected, and the memory card had not been touched since. Enter digital forensics.
In a recent bachelor thesis project I had used file carving tools to recover intentionally hidden files. When I plugged in the memory card to a computer and found a lot of files with undecipherable file names, I decided to give file carving a chance. Searching the web for a while brought me to the site of PhotoRec, a file carving software specialized in image files. It was exactly what I needed. I downloaded and unzipped the software and run it from the command line. It took several painful minutes, and more than 500 pictures could be recovered. They were intact and had the correct timestamp. There were even pictures that had been deleted a long time ago. Well, not so thoroughly deleted as I had expected. The file names of the pictures were not the original ones with an incremented picture number, but that did not pose a big problem, because the file name is not that important anyway.
Lessons learned: I do applicable applied research, forensics is not exclusive to law enforcement, backup intervals of two months are probably too long, and pictures that you think are deleted might be recoverable from the memory card.
