Ext3 file system anti-deletion tool-ext3grep

Ext3 file system anti-deletion tool-ext3grep
GuideAs an enterprise-level server, Linux is crucial to data security. Any data del loss or accidental deletion is intolerable! Recently I came into contact with a software-ext3grep, which can restore the accidentally deleted data. Next I will briefly explain this software.Restoration principle of ext3grep

Restoring a file using ext3grep does not depend on a specific text format. First, ext3grep obtains information about all files in the current file system through the root inode of the file system (inode in the root directory is generally 2), including existing and deleted files, the information includes the file name and inode. Then, the inode information is combined with the log to query the location of the block where the inode is located, including the direct block and indirect block information. Finally, use the dd command to back up the information to restore the data file.

Ext3grep Installation

Ext3grep Official Website: http://code.google.com/p/ext3grep/

Network Disk download: http://pan.baidu.com/s/1i47ZPsT

The required system packages are as follows:

[root@localhost ~]#rpm -qa | grep e2fsprogse2fsprogs-libs-1.39-8.el5e2fsprogs-1.39-8.el5e2fsprogs-devel-1.39-8.el5

All three of the above must be installed. Otherwise, problems may occur in subsequent installation.

The compilation and installation process is as follows:

[root@localhost /opt]# tar zxvf ext3grep-0.10.2.tar.gz[root@localhost ext3grep-0.10.2]# ./configure[root@localhost ext3grep-0.10.2]# make[root@localhost ext3grep-0.10.2]# make install[root@localhost ext3grep-0.10.2]# ext3grep -vRunning ext3grep version 0.10.2

The default ext3grep command is stored in the/usr/local/bin directory. Use "ext3grep -- help" to obtain detailed help.

Ext3grep recovery fileSimulate an accidental data deletion Environment

The following describes how to use ext3grep to restore a data file in a simulated environment:

[root@localhost ~]# mkdir /disk[root@localhost ~]# mkdir /mydata[root@localhost ~]# cd /mydata[root@localhost mydata]# dd if=/dev/zero  of=/mydata/disk1 count=102400[root@localhost mydata]#mkfs.ext3 /mydata/disk1

[root@localhost mydata]#mount -o loop /mydata/disk1  /disk[root@localhost mydata]#cd /disk[root@localhost disk]# cp /etc/profile /disk[root@localhost disk]# cp /boot/initramfs-2.6.32-220.el6.i686.img /disk[root@localhost disk]#echo"I am archy" > ext3grep.txt[root@localhost disk]#mkdir /disk/ext3grep[root@localhost disk]#cp /etc/hosts /disk/ext3grep[root@localhost disk]#ls -al

[root@localhost disk]#md5sum profile[root@localhost disk]#md5sum initramfs-2.6.32-220.el6.i686.img[root@localhost disk]#md5sum ext3grep.txt[root@localhost disk]#rm -rf /disk/*[root@localhost /opt]# umount /disk

Query data recovery information

Run the following command to query the data to be restored:

[root@localhost /opt]# ext3grep /mydata/disk1  --ls --inode 2

This command is mainly used to scan all information in the current file system, including existing and deleted files. The files with the D mark are deleted. Run the following command to obtain the path information of the file to be restored:

[root@localhost /opt]# ext3grep /mydata/disk1  --dump-names

Restore Deleted Data

A single file recovery command is as follows:

[root@localhost /opt]# ext3grep /mydata/disk1  --restore-file  ext3grep.txt

The recovered files are stored in the/opt/RESTORED_FILES directory.

The command to restore all deleted data is as follows:

[root@localhost /opt]# ext3grep /mydata/disk1  --reatore-all

Original address: http://www.linuxprobe.com/file-undelete-ext3grep.html