


MetaRecoverX: Recovery of Deleted Data and Associate Metadata from XFS and Btrfs Filesystems


Authors : Jagendra Singh Chaudhary; Lucky Panchal; Mayank Tak; Milan Kumar

Volume/Issue : Volume 11 - 2026, Issue 4 - April


Google Scholar : https://tinyurl.com/3jwnhje5

Scribd : https://tinyurl.com/2s4zp4cp

DOI : https://doi.org/10.38124/ijisrt/26apr738



Abstract : The unintentional loss of digital data due to accidental file deletion, filesystem corruption, or storage device failure represents a critical challenge in the domain of digital forensics and data recovery. While conventional recovery approaches tend to address either file data or metadata in isolation, the simultaneous and accurate restoration of both remains largely underexplored, particularly for modern Linux filesystems such as XFS and Btrfs. This paper presents MetaRecoverX, a purpose-built, Python-based forensic tool that performs deep file carving across more than sixteen file types using magic byte signatures, coupled with structured metadata extraction including timestamps, file permissions, SHA-256 cryptographic hash verification, EXIF data, and document-embedded attributes. The system integrates a command-line interface alongside a PyQt6-based graphical user interface, enabling forensic professionals and general users alike to conduct thorough recovery sessions. Automated generation of detailed PDF and CSV investigation reports further distinguishes MetaRecoverX from existing recovery frameworks. Experimental evaluation conducted on an Ubuntu 24.04 LTS environment demonstrates recovery rates exceeding ninety-two percent for XFS partitions and approximately eighty-five percent for Btrfs partitions, with consistent metadata restoration across diverse file categories. MetaRecoverX contributes a unified, extensible, and practically deployable solution to the evolving landscape of filesystem forensics.

Keywords : Digital Forensics, File Carving, Metadata Recovery, XFS Filesystem, Btrfs Filesystem, Python, Data Recovery, SHA256 Integrity Verification, PyQt6, Forensic Reporting.
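
An illustration of the approach the abstract describes (magic-byte carving, a SHA-256 hash for each recovered object, CSV reporting), added here as an example; it is not MetaRecoverX's code. The three signatures are well-known public magic bytes; the function names, the size cap and the sample image are assumptions constructed for the example.

```python
import csv
import hashlib
import io

# Header/footer magic bytes for three common types (public, well-known values).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_SIZE = 10 * 1024 * 1024  # assumed cap: a lost footer must not swallow the image

def carve(image: bytes):
    """Return one record per contiguous header..footer span in a raw image."""
    found = []
    for ftype, (head, foot) in SIGNATURES.items():
        pos = 0
        while (start := image.find(head, pos)) != -1:
            end = image.find(foot, start + len(head), start + MAX_SIZE)
            if end == -1:
                # Header with no footer in range: overwritten or fragmented data.
                pos = start + 1
                continue
            end += len(foot)
            blob = image[start:end]
            found.append({"type": ftype, "offset": start, "size": len(blob),
                          "sha256": hashlib.sha256(blob).hexdigest()})
            pos = end
    return sorted(found, key=lambda r: r["offset"])

def to_csv(records):
    """Render carve() records as CSV text for an investigation report."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["type", "offset", "size", "sha256"])
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()

# Constructed sample: three intact files plus one JPEG header whose tail is gone.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"IEND\xaeB`\x82"
JPG = b"\xff\xd8\xff\xe0" + b"JFIF-body" + b"\xff\xd9"
PDF = b"%PDF-1.4\n1 0 obj\n%%EOF"
SAMPLE = (b"\x00" * 512 + PNG + b"\x00" * 100 + JPG
          + b"\xff\xd8\xff\xe0truncated" + b"\x00" * 64 + PDF + b"\x00" * 32)

if __name__ == "__main__":
    print(to_csv(carve(SAMPLE)))
```

The sketch recovers only contiguous files and stops at the first footer it finds, so JPEGs with embedded thumbnails or PDFs with incremental updates would be cut short; the hash recorded at carve time is what lets a later copy of the recovered object be checked against the report.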

