Recovery method for file deletion under Linux system

Source: Internet
Author: User

For RM, many people have a bitter lesson. I also met once, the program written in the afternoon was the RM dropped, fortunately just a document, the next day and quickly re-write again. But a lot of people may not be as lucky as I am. This article collects some methods of recovering RM deleted files under Linux, and gives you a reference.

First of all, the best way is to avoid this problem, here are a few suggestions:

1, Rm-rf The consequences of misoperation is terrible, Rm-f also to think twice, not easy to use.

2, do a good job of data backup.

3, with some strategies to avoid errors:

Advocate the use of TAB completion under the shell, with the script to perform tasks, reduce the chance of error. or write a script, named RM, in the script to change the real RM to MV, will delete the MV into a specified directory, regular cleanup.

Then can the RM deleted files be recovered?

The RM man has the following statements:

Note that if you use RM to delete a file, you can usually still restore the file to its original state. If you want to ensure that the contents of the file cannot be restored, consider using shred.

So theoretically the RM deleted files can still be recovered. Deleting a file is simply releasing the index point (information nodes) that points to the block, as long as it is not overwritten and the data is actually on the hard disk, the key is to find the index point and then grab the data in the data block it refers to and save it to another partition. After using RM to delete files, the first thing we need to do is to make sure that we no longer write data to the partition where we mistakenly deleted the files.

Usually we can have the following options:

1, the use of tools.

2, write your own program. You need to be programmed and aware of the corresponding file system.

3, if the data is very useful, perhaps can find a professional company rescue.

Tools

1, the Sleuth Kit http://www.sleuthkit.org/sleuthkit/(autopsy is one of its graphics front end)

2, Foremost http://foremost.sourceforge.net

3, an all-round tool, FinalData, can be restored unix/linux/dos under the file deleted by mistake. For UNIX, these products are supported, Solaris, AIX, and HP-UX. For Linux, the EXT2 file system is supported. For DOS, the file system supports Fat 12/16/32, NTFS 4/5/5.1.

4. If the file system is ext2 (invalid for ext3):

The deletion mechanism of ext3 is to delete inode data directly, so ext3 cannot be undelete (EXT3 is designed to not recover deleted files).

Unrm

Ext2ed

Debugfs (Undel Lsdel)

Recover

Midnight Commander (MC)

E2undel

Tct

5. If the file system is FAT32 or NTFS:

Easyrecovery

FinalData

6, FreeBSD if the use of RM, you can try undelete this command.

7. When a process opens a file, lsof can be used to recover deleted files as long as the process keeps the file open.

Transferred from: http://www.linuxidc.com/Linux/2008-08/14744.htm

RM-RF under Linux is a terrible command, because releasing this command means that once the deleted files are irretrievable, is this the case? Is there really no remedial action? The answer is tactful, under certain conditions can be remedied, everyone may be familiar with the removal of Windows under the remediation of the software implementation of the relevant, under Linux can also be remedied, but there is a premise: there is no coverage of the action (meaning that before attempting to recover deleted data, Delete files in the directory can not store new things, or how much to lose!

The kit used here is ext3grep, the system must be installed on the default E2fsprogs-lib, 2fsprogs-devel, E2FSPROGS5, GCC, gcc++ these software
[Email protected] ~]# Rpm-qa|grep e2fsprogs
E2fsprogs-libs-1.39-23.el5
E2fsprogs-devel-1.39-23.el5
E2fsprogs-1.39-23.el5

Source Installation Ext3grep
[Email protected] ~]# llext3grep-0.10.2.tar.gz
-rw-r--r--1 root root 236364 Oct ext3grep-0.10.2.tar.gz

[Email protected]~]# tar zxvf ext3grep-0.10.2.tar.gz
[Email protected] ~]# CD ext3grep-0.10.2
[Email protected] ext3grep-0.10.2]#./configure
[[email protected] ext3grep-0.10.2]# make && make install
[Email protected] ~]# Ll/usr/local/bin
Total 2656
-rwxr-xr-x 1 root root 2709704 Oct 04:46 ext3grep//www.linuxidc.com This is the executable file.

Next, demonstrate a remedial process instance

[Email protected]~]# mkdir/data//ixdba/

[[Email protected]]# dd If=/dev/zero of=data-disk bs=1m count=105
[[email protected] data]# mkfs.ext3 data-disk//File system formatted as ext3, enter Y at the prompt that appears
[Email protected] data]# mount-o loop/data/data-disk/ixdba///Mount
[[email protected] data]# cp/etc/host*/ixdba///Go inside and put the file
[Email protected] data]# cp/etc/passwd/ixdba/
[Email protected] data]# cd/ixdba/
[[email protected] data]# RM-RF *//Create delete action
[Email protected] data]# cd/data/

[[Email protected]]# ext3grep/data/data-disk--ls--inode 2//view lost files

[[Email protected]]# ext3grep/data/data-disk--restore-file passwd//restore only passwd this file
[[email protected] data]# ext3grep/data/data-disk--restore-all//Recovery action, all recovery

[Email protected]]# ls
Data-disk Data-disk.ext3grep.stage1 Data-disk.ext3grep.stage2 Restored_files
[[email protected] data]# ll restored_files///All recovered files are all stored in this folder, they are all back.
Total 48
-rw-r--r--1 root root, Oct 06:03host.conf
-rw-r--r--1 root root 187 Oct 06:03hosts
-rw-r--r--1 root root 161 Oct 06:03hosts.allow
-rw-r--r--1 root root 347 Oct 06:03hosts.deny
drwx------2 root root 4096 Oct 06:04 Lost+found
-rw-r--r--1 root root 1635 Oct 06:03 passwd

Summary: This can only be achieved by the first recovery of the action, and can not be covered by the action.

Attention:

1. Ext3grep followed by the partition name, not the directory name

2.--restore-file restore the specified file, the path name has special requirements, specifically, please use-HELP to view

3. All recovered files are placed in the Restored_files directory under the partition, not the original directory

4. For the required installation package, you can find it on the system CD and the SDK CD. For example, I found all the RPM packages I needed on the SUSE11SP1 system CD and the SDK CD (although the Ext3grep source package is still online). Not really can also go to the Internet to download.

Transferred from: http://blog.csdn.net/andy572633/article/details/8066363

Recovery method for file deletion under Linux system

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.