You need that point to go see if there is anything left of that old data, when you use this type of recovery method.
You can also do a RAW scan without using partition and file tables.
In a recovery from RAW data this file will not show up as wallet.dat or ballet.dat because it's raw data, it does not have a filename anymore.
But it does have a header so in such case the file will pop up as ******.db because the recovery application picked up on it's database header.
You can test the file in bash with $ file and it will tell you the exact type.
Code:
$ file ******.db
******.db Berkeley DB (Btree, version 9, native byte-order)
******.db Berkeley DB (Btree, version 9, native byte-order)
It can also show something else but in case of a wallet it will show Berkeley DB.
So if you found a wallet.dat then this does not mean that you found the actual wallet, it could be only a reference point.
But if you found a .db then you can be sure it's a database file and i have found several but they were already emptied.
We found exactly 44 wallets.
Quote
f4204024.db: Berkeley DB (Btree, version 9, native byte-order)
f35048320.db: Berkeley DB (Btree, version 9, native byte-order)
f61344210.db: Berkeley DB (Btree, version 9, native byte-order)
f58211446.db: Berkeley DB (Btree, version 9, native byte-order)
f33779786.db: Berkeley DB (Btree, version 9, native byte-order)
f0208040.db: Berkeley DB (Btree, version 9, native byte-order)
f4673642.db: Berkeley DB (Btree, version 9, native byte-order)
f61399680.db: Berkeley DB (Btree, version 9, native byte-order)
f4673674.db: Berkeley DB (Btree, version 9, native byte-order)
f18790112.db: Berkeley DB (Btree, version 9, native byte-order)
f4294446.db: Berkeley DB (Btree, version 9, native byte-order)
f33779818.db: Berkeley DB (Btree, version 9, native byte-order)
f4294478.db: Berkeley DB (Btree, version 9, native byte-order)
f17315832.db: Berkeley DB (Btree, version 9, native byte-order)
f61408994.db: Berkeley DB (Btree, version 9, native byte-order)
f58252320.db: Berkeley DB (Btree, version 9, native byte-order)
f46519344.db: Berkeley DB (Btree, version 9, native byte-order)
f3442350.db: Berkeley DB (Btree, version 9, native byte-order)
f18790080.db: Berkeley DB (Btree, version 9, native byte-order)
f36736740.db: Berkeley DB (Btree, version 9, native byte-order)
f46519312.db: Berkeley DB (Btree, version 9, native byte-order)
f0208008.db: Berkeley DB (Btree, version 9, native byte-order)
f21199420.db: Berkeley DB (Btree, version 9, native byte-order)
f61344242.db: Berkeley DB (Btree, version 9, native byte-order)
f4205656.db: Berkeley DB (Btree, version 9, native byte-order)
f4203992.db: Berkeley DB (Btree, version 9, native byte-order)
f3380142.db: Berkeley DB (Btree, version 9, native byte-order)
f61349908.db: Berkeley DB (Btree, version 9, native byte-order)
f61408962.db: Berkeley DB (Btree, version 9, native byte-order)
f21199404.db: Berkeley DB (Btree, version 9, native byte-order)
f58252288.db: Berkeley DB (Btree, version 9, native byte-order)
f35048288.db: Berkeley DB (Btree, version 9, native byte-order)
f61090356.db: Berkeley DB (Btree, version 9, native byte-order)
f61340690.db: Berkeley DB (Btree, version 9, native byte-order)
f61090324.db: Berkeley DB (Btree, version 9, native byte-order)
f3380174.db: Berkeley DB (Btree, version 9, native byte-order)
f51770738.db: Berkeley DB (Btree, version 9, native byte-order)
f4205688.db: Berkeley DB (Btree, version 9, native byte-order)
f17315864.db: Berkeley DB (Btree, version 9, native byte-order)
f58211414.db: Berkeley DB (Btree, version 9, native byte-order)
f61349876.db: Berkeley DB (Btree, version 9, native byte-order)
f61414436.db: Berkeley DB (Btree, version 9, native byte-order)
f36736772.db: Berkeley DB (Btree, version 9, native byte-order)
f61399648.db: Berkeley DB (Btree, version 9, native byte-order)
Dumped them with db-utils to see which ones were intact and which ones were corrupted or encrypted.
