Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ extundelete: the Linux-based open source data recovery tools     - 5 interesting Linux command line tips (Linux)

- How to use the internal network IP forwarding to connect to the Internet on Linux (Linux)

- Scala REPL Shell call (Programming)

- To install the Git and Github under Ubuntu (Linux)

- JavaScript closures and the scope chain (Programming)

- Classical sorting algorithm - Selection Sort (Linux)

- Ubuntu 14.10 Install Ubuntu Touch Music App 2.0 (Linux)

- RedHat Redis Linux installation (Database)

- OpenGL shadow map (Programming)

- Analysis of Java keyword final (Programming)

- CentOS 6.5 installation Python3.0 (Linux)

- Linux instructions and examples GPG encryption and decryption (Linux)

- Let your PHP 7 faster (GCC PGO) (Linux)

- CentOS7 Kubernetes used on container management (Server)

- Download Manager uGet 2.0 installed in Debian, Ubuntu, Linux Mint and Fedora (Linux)

- MySQL monitoring tools -orzdba (Database)

- Talk about Java EE Learning (Programming)

- Servlet life cycle works (Programming)

- Kubernetes cluster deployment (Server)

- Ubuntu system process is bound CPU core (Linux)

 
         
  extundelete: the Linux-based open source data recovery tools
     
  Add Date : 2018-11-21      
         
         
         
  Under Linux, the open source based data recovery tool There are many common are debugfs, R-Linux, ext3grep, extundelete and other, more commonly used ext3grep and extundelete, restore the principles of these two tools is basically the same, only more powerful extundelete , this article focuses
 
  **************************************************
  * Lsof recovery mode *
  **************************************************
                    lsof
  Just file is deleted, you want to restore, first try lsof.
  #lsof | grep data.file1
  # Cp / proc / xxx / xxx / xx /dir/data.file1
  
  Or ps -ef
  
  **************************************************
  * Extundelete recovery mode *
  **************************************************
  
  The first time to do is to uninstall is to delete the partition where the data resides, if it is the root partition data was mistakenly deleted
  
  
 yum install gcc gcc ++
 yum install gcc gcc-c ++ gcc-g77

yum install e2fsprogs e2fsprogs-libs e2fsprogs-devel
[Root @ dg extundelete-0.2.4] # ./configure
Configuring extundelete 0.2.4
Writing generated files to disk

tar xjf extundelete-0.2.4.tar.bz2
cd extundelete-0.2.4
./configure
make && make install

[Root @ dg extundelete-0.2.4] # make
make -s all-recursive
Making all in src
extundelete.cc:571: Warning: The parameter is not used 'flags'
[Root @ dg extundelete-0.2.4] # make install
Making install in src
  / Usr / bin / install -c extundelete '/ usr / local / bin'
  
 

--- View Help
root @ dg extundelete-0.2.4] # make install
Making install in src
  / Usr / bin / install -c extundelete '/ usr / local / bin'
[Root @ dg extundelete-0.2.4] # extundelete --help
Usage: extundelete [options] [-] device-file
Options:
  --version, - [vV] Print version and exit successfully.
  --help, Print this help and exit successfully.
  --superblock Print contents of superblock in addition to the rest.
                        If no action is specified then this option is implied.
  --journal Show content of journal.
  --after dtime Only process entries deleted on or after 'dtime'.
  --before dtime Only process entries deleted before 'dtime'.
Actions:
  --inode ino Show info on inode 'ino'.
  --block blk Show info on block 'blk'.
  --restore-inode ino [, ino, ...]
                        Restore the file (s) with known inode number 'ino'.
                        The restored files are created in ./RECOVERED_FILES
                        with their inode number as extension (ie, file.12345).
  --restore-file 'path' Will restore file 'path'. 'path' is relative to root
                        of the partition and does not start with a '/'
                        The restored file is created in the current
                        directory as 'RECOVERED_FILES / path'.
  --restore-files 'path' Will restore files which are listed in the file 'path'.
                        Each filename should be in the same format as an option
                        to --restore-file, and there should be one per line.
  --restore-directory 'path'
                        Will restore directory 'path'. 'Path' is relative to the
                        root directory of the file system. The restored
                        directory is created in the output directory as 'path'.
  --restore-all Attempts to restore everything.
  -j journal Reads an external journal from the named file.
  -b blocknumber Uses the backup superblock at blocknumber when opening
                        the file system.
  -B Blocksize Uses blocksize as the block size when opening the file
                        system. The number should be the number of bytes.
  --log 0 Make the program silent.
  --log filename Logs all messages to filename.
--log D1 = 0, D2 = filename Custom control of log messages with comma-separated
  Examples below:. List of options Dn must be one of info, warn, or
  --log info, error error. Omission of the '= name' results in messages
  --log warn = 0 with the specified level to be logged to the console.
  --log error = filename If the parameter is '= 0', logging for the specified
                        level will be turned off. If the parameter is
                        '= Filename', messages with that level will be written
                        to filename.
  -o directory Save the recovered files to the named directory.
                        The restored files are created in a directory
                        named 'RECOVERED_FILES /' by default.

Parameters (options) are:
--version, - [vV], display the software version number.
--help, display software help.
--superblock, display the superblock information.
--journal, display the log information.
--after dtime, time parameters, indicating that after a certain period of time deleted files or directories.
--before dtime, time parameters, represents a period of time before being deleted files or directories.

Action (action) are:
--inode ino, display node "ino" information.
--block blk, display data block "blk" information.
--restore-inode ino [, ino, ...], restore command parameters, it indicates that the recovery node "ino" files, file recovery will be automatically placed in the current directory RESTORED_FILES file folder, use the node number as the extension .
--restore-file 'path', restore command parameters specified path that will restore the file, and the file recovery RECOVERED_FILES placed under the current directory.
--restore-files 'path', the restore command parameters, it said it would resume listed in the path of all the files.
--restore-all, restore command parameters, it said it will try to recover all the directories and files.
-j journal, indicates reading extension logs from the named file.
-b blocknumber, represents superblock backup before use to open the file system, generally used to view existing super block is not currently desired files.
-B Blocksize, that the use of the data block size to open the file system, generally used for viewing already know the size of the file.

  1> fuser -k / dev / part && umount / dev / disk deleted data - kill processes accessing the disk, umount deleted data disc
  2> extundelete --inode 2 / dev / disk deleted data
  3> extundelete --restore-inode 13 / dev / disk deleted data
  4> to return to RECOVERD_FILES /
  
  
After the data has been accidentally deleted, the first time to do is to uninstall is to delete the partition where the data resides, if it is the root partition data was mistakenly deleted,
The system will need to enter single-user mode, and the root partition mounted read-only. The reason is very simple, because the file will be deleted,
Just to the inode file pointer is cleared in the sector, but also the actual files stored on disk, if the disk read-write mode continues to mount,
These data blocks of the deleted files can be re-allocated out of the operating system, after which the database is overwritten by new data, these data really lost,
Recovery tool also powerless. and so! Mounted read-only disks can minimize the risk of data in the database is overwritten, in order to improve data recovery success ratio.

Delete 1.txt

Method 1: inode recovery
See delete files on which partition
root @ dg extundelete-0.2.4] # df -h
File system capacity has been available for use with the mount point %%
/ Dev / sda2 44G 3.0G 39G 8% /
tmpfs 1004M 76K 1004M 1% / dev / shm
/ Dev / sda1 194M 51M 134M 28% / boot
# Extundelete / dev / sda4 --inode 2
mkdir test

extundelete / dev / sda4 --restore-inode 8001 document

Compare Files
diff / etc / passwd recover_file / file12
If there is no output, indicating that the two documents exactly the same

Method 2: be recovered by file name
extundelete / dev / sdb1 --restore-file passwd
RECOVERED_FILES will generate a directory in the current directory, which has been restored to save the file

Method 3: restore by directory name
extundelete / dev / sdb1 --restore-directory / mongodb

Method 4: restore all accidentally deleted files:
extundelete / dev / sdb1 --restore-all
extundelete data recovery can also be achieved for a period of time. You can "--after" and "--before" parameter

You can not restore empty files and empty directories

Method 4:
extundelete / dev / sda4 --restore-all a

extundelete not restore empty files and empty directories

************************************************** *******************************
Use debugfs
With debugfs find deleted files inode, then the idea of ​​recovery.
[Root @ hs12 ~] # debugfs / dev / sdb1
debugfs 1.41.12 (17-May-2010)

debugfs:
debugfs: lsdel
Inode Owner Mode Size Blocks Time deleted
0 deleted inodes found.
     
         
         
         
  More:      
 
- Nginx server security configuration (Server)
- Python basis: os module on the file / directory using methods commonly used functions (Programming)
- How to enhance the Nagios server security (Linux)
- Linux ldconfig command (Linux)
- CentOS / RHEL 6 was repeated prohibited under the SNMP connection log (Server)
- Linux user opens a number of adjustment processes (Linux)
- DataGuard Standby backup error RMAN-06820 ORA-17629 to solve (Database)
- sudo command scenario analysis (Linux)
- You really do need to know a variety of programming languages (Programming)
- CentOS 6.7 compile and install LAMP (Server)
- To install and use Docker under linux (Server)
- Teach you to diagnose problems with strace (Linux)
- CentOS 7 server environment to quickly build Linux (Server)
- MySQL my.cnf sql_mode schema modifications (Database)
- Oracle multi-user concurrency and transaction processing (Database)
- Linux character device - automatically creates the device nodes and devices (Linux)
- Number JavaScript type system (Programming)
- Java, extends and implements Usage (Programming)
- Linux + Apache + PHP + Oracle based environment to build (Server)
- Git delete files (Linux)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.