Testdisk Found What Seems To Be An Android Filesystem...
by ClintongSan from LinuxQuestions.org on (#6FQKZ)
I recently decided to try and use Testdisk to recover a long-lost directory that had a particular game ISO. I'm definitely a noob when it comes to being proficient, but I have used Testdisk in the past, just never to recover a directory after more than a couple days.
My internal (laptop) hard drive is a 1TB HGST (not SSD), so I wasn't too surprised to see that after about 30 minutes the function was only at 02%. I ran the program with sudo, selected my drive and then selected EFI (the partition scheme I've always known this drive to use). Anyway, I came back after a couple of hours and the search was almost done, but I don't understand what it was showing. A long list of partitions came up, mostly ext4, and here are some of the partition names for clarity...
system
system_ext
odm
odm_dlkm
product
fsg
oem
...and a few more. I wanna say there was another one that started with F and a couple of others. The thing is, I immediately recognize the file system as being very similar to the file system on my Moto device. But the closest I've ever come to having a backup on this computer is having a backup made by TWRP, which might have files with similar names, but usually it's obvious if it's a TWRP backup file. I ran dmesg and, as expected, the results were over my head, but there was a lot of stuff in the output having to do with bnep, Bluetooth, audit types, and other confusion.
My question, for anyone that has the time and doesn't mind answering, is what is this likely referring to? Is this common? More specifically, I've had a suspicion that my phone was hacked or had some terrible malware in the past. Is it possible that Testdisk saw some kind of connection to my phone, like Bluetooth, and somehow, strangely, was searching my phone's internal storage? (My device had never been paired, Bluetooth control via the panel had been turned off and, though WiFi was on, I was not connected to any network at all.) Furthermore, I was doing all of this while running MX Linux from a Live USB, only I had selected to Boot From RAM (load live boot to memory/from memory during boot by choosing this option under Advanced at the MX Linux splash screen). Secure Boot was on and I had booted with UEFI, if that makes any difference. I immediately just canceled out of what I was doing and saved the dmesg and dmesg --syslog output to an external USB just for the record in case something happened after shutting down.
Again, I really appreciate any input and clarification anyone might give. Usually there's a pretty simple explanation for these types of things, but this was just strange as could be to me. I bought this PC brand new, and also my device has never been rooted, as it came from Verizon and supposedly such a thing is impossible... (just waiting for my contract to end this year and back to Google Fi or ATT I go). I apologize if any of this is too much detail or confusing; I was just thinking that many details might help anyone explain, should anyone reply.
Thanks again for reading and for your time and take care!
Sincerely
Clint