Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ extundelete: the Linux-based open source data recovery tools     - Linux platform host to prevent hacking skills (Linux)

- TypeScript basic grammar (Programming)

- Various sorting algorithms implemented in Python (Programming)

- Android application security of data transmission security (Programming)

- HBase in MVCC implementation mechanism and its application (Database)

- PXE installation of Linux servers (Server)

- To install MySQL on Linux (Database)

- [Errno 4] IOError: [Errno ftp error] with yum appears as a workaround (Linux)

- Python control multi-process and multi-threaded concurrency (Programming)

- Understand the security restore accidentally deleted critical system files (Linux)

- Linux disk partition batch format mount script (Linux)

- MongoDB in bulk timestamp change the date format (Database)

- Traffic monitor Linux Python Version (Programming)

- Detailed PHP code optimization [section] (explain reasons) (Programming)

- Gentoo: existing preserved libs problem solving (Linux)

- KVM virtualization of nested virtualization (Linux)

- The method of MySQL two kinds of incomplete recovery (Database)

- Simple to use Linux GPG (Linux)

- How to install Linux Kernel 4.0 On CentOS 7 system (Linux)

- Extended VMware Ubuntu root partition size (Linux)

 
         
  extundelete: the Linux-based open source data recovery tools
     
  Add Date : 2018-11-21      
         
         
         
  Under Linux, the open source based data recovery tool There are many common are debugfs, R-Linux, ext3grep, extundelete and other, more commonly used ext3grep and extundelete, restore the principles of these two tools is basically the same, only more powerful extundelete , this article focuses
 
  **************************************************
  * Lsof recovery mode *
  **************************************************
                    lsof
  Just file is deleted, you want to restore, first try lsof.
  #lsof | grep data.file1
  # Cp / proc / xxx / xxx / xx /dir/data.file1
  
  Or ps -ef
  
  **************************************************
  * Extundelete recovery mode *
  **************************************************
  
  The first time to do is to uninstall is to delete the partition where the data resides, if it is the root partition data was mistakenly deleted
  
  
 yum install gcc gcc ++
 yum install gcc gcc-c ++ gcc-g77

yum install e2fsprogs e2fsprogs-libs e2fsprogs-devel
[Root @ dg extundelete-0.2.4] # ./configure
Configuring extundelete 0.2.4
Writing generated files to disk

tar xjf extundelete-0.2.4.tar.bz2
cd extundelete-0.2.4
./configure
make && make install

[Root @ dg extundelete-0.2.4] # make
make -s all-recursive
Making all in src
extundelete.cc:571: Warning: The parameter is not used 'flags'
[Root @ dg extundelete-0.2.4] # make install
Making install in src
  / Usr / bin / install -c extundelete '/ usr / local / bin'
  
 

--- View Help
root @ dg extundelete-0.2.4] # make install
Making install in src
  / Usr / bin / install -c extundelete '/ usr / local / bin'
[Root @ dg extundelete-0.2.4] # extundelete --help
Usage: extundelete [options] [-] device-file
Options:
  --version, - [vV] Print version and exit successfully.
  --help, Print this help and exit successfully.
  --superblock Print contents of superblock in addition to the rest.
                        If no action is specified then this option is implied.
  --journal Show content of journal.
  --after dtime Only process entries deleted on or after 'dtime'.
  --before dtime Only process entries deleted before 'dtime'.
Actions:
  --inode ino Show info on inode 'ino'.
  --block blk Show info on block 'blk'.
  --restore-inode ino [, ino, ...]
                        Restore the file (s) with known inode number 'ino'.
                        The restored files are created in ./RECOVERED_FILES
                        with their inode number as extension (ie, file.12345).
  --restore-file 'path' Will restore file 'path'. 'path' is relative to root
                        of the partition and does not start with a '/'
                        The restored file is created in the current
                        directory as 'RECOVERED_FILES / path'.
  --restore-files 'path' Will restore files which are listed in the file 'path'.
                        Each filename should be in the same format as an option
                        to --restore-file, and there should be one per line.
  --restore-directory 'path'
                        Will restore directory 'path'. 'Path' is relative to the
                        root directory of the file system. The restored
                        directory is created in the output directory as 'path'.
  --restore-all Attempts to restore everything.
  -j journal Reads an external journal from the named file.
  -b blocknumber Uses the backup superblock at blocknumber when opening
                        the file system.
  -B Blocksize Uses blocksize as the block size when opening the file
                        system. The number should be the number of bytes.
  --log 0 Make the program silent.
  --log filename Logs all messages to filename.
--log D1 = 0, D2 = filename Custom control of log messages with comma-separated
  Examples below:. List of options Dn must be one of info, warn, or
  --log info, error error. Omission of the '= name' results in messages
  --log warn = 0 with the specified level to be logged to the console.
  --log error = filename If the parameter is '= 0', logging for the specified
                        level will be turned off. If the parameter is
                        '= Filename', messages with that level will be written
                        to filename.
  -o directory Save the recovered files to the named directory.
                        The restored files are created in a directory
                        named 'RECOVERED_FILES /' by default.

Parameters (options) are:
--version, - [vV], display the software version number.
--help, display software help.
--superblock, display the superblock information.
--journal, display the log information.
--after dtime, time parameters, indicating that after a certain period of time deleted files or directories.
--before dtime, time parameters, represents a period of time before being deleted files or directories.

Action (action) are:
--inode ino, display node "ino" information.
--block blk, display data block "blk" information.
--restore-inode ino [, ino, ...], restore command parameters, it indicates that the recovery node "ino" files, file recovery will be automatically placed in the current directory RESTORED_FILES file folder, use the node number as the extension .
--restore-file 'path', restore command parameters specified path that will restore the file, and the file recovery RECOVERED_FILES placed under the current directory.
--restore-files 'path', the restore command parameters, it said it would resume listed in the path of all the files.
--restore-all, restore command parameters, it said it will try to recover all the directories and files.
-j journal, indicates reading extension logs from the named file.
-b blocknumber, represents superblock backup before use to open the file system, generally used to view existing super block is not currently desired files.
-B Blocksize, that the use of the data block size to open the file system, generally used for viewing already know the size of the file.

  1> fuser -k / dev / part && umount / dev / disk deleted data - kill processes accessing the disk, umount deleted data disc
  2> extundelete --inode 2 / dev / disk deleted data
  3> extundelete --restore-inode 13 / dev / disk deleted data
  4> to return to RECOVERD_FILES /
  
  
After the data has been accidentally deleted, the first time to do is to uninstall is to delete the partition where the data resides, if it is the root partition data was mistakenly deleted,
The system will need to enter single-user mode, and the root partition mounted read-only. The reason is very simple, because the file will be deleted,
Just to the inode file pointer is cleared in the sector, but also the actual files stored on disk, if the disk read-write mode continues to mount,
These data blocks of the deleted files can be re-allocated out of the operating system, after which the database is overwritten by new data, these data really lost,
Recovery tool also powerless. and so! Mounted read-only disks can minimize the risk of data in the database is overwritten, in order to improve data recovery success ratio.

Delete 1.txt

Method 1: inode recovery
See delete files on which partition
root @ dg extundelete-0.2.4] # df -h
File system capacity has been available for use with the mount point %%
/ Dev / sda2 44G 3.0G 39G 8% /
tmpfs 1004M 76K 1004M 1% / dev / shm
/ Dev / sda1 194M 51M 134M 28% / boot
# Extundelete / dev / sda4 --inode 2
mkdir test

extundelete / dev / sda4 --restore-inode 8001 document

Compare Files
diff / etc / passwd recover_file / file12
If there is no output, indicating that the two documents exactly the same

Method 2: be recovered by file name
extundelete / dev / sdb1 --restore-file passwd
RECOVERED_FILES will generate a directory in the current directory, which has been restored to save the file

Method 3: restore by directory name
extundelete / dev / sdb1 --restore-directory / mongodb

Method 4: restore all accidentally deleted files:
extundelete / dev / sdb1 --restore-all
extundelete data recovery can also be achieved for a period of time. You can "--after" and "--before" parameter

You can not restore empty files and empty directories

Method 4:
extundelete / dev / sda4 --restore-all a

extundelete not restore empty files and empty directories

************************************************** *******************************
Use debugfs
With debugfs find deleted files inode, then the idea of ​​recovery.
[Root @ hs12 ~] # debugfs / dev / sdb1
debugfs 1.41.12 (17-May-2010)

debugfs:
debugfs: lsdel
Inode Owner Mode Size Blocks Time deleted
0 deleted inodes found.
     
         
         
         
  More:      
 
- Linux server startup and logon security settings (Linux)
- Windows SmartGit installation (Linux)
- 20 Linux commands interview questions and answers (Linux)
- Timeout control related to Python threads and a simple application (Programming)
- Linux Command Tutorial: Ubuntu apt-get command (Linux)
- File easier to compare tools under Linux (Linux)
- Linux ldconfig command (Linux)
- LVM management reduces swap partition space to the root partition (Linux)
- How to release the cache memory on Linux (Linux)
- Process monitoring tools Supervisor start MongoDB (Database)
- Create your own YUM repository (Linux)
- Kubernetes resolve application deployment model (Server)
- Oracle Linux 6.4 installed Oracle 11gR2 + RAC + ASM (Database)
- iOS persistence of data archiving NSKeyedArchiver (Programming)
- Git you do not know about some of the things (Linux)
- Oracle ORA-01089 failure analysis (Database)
- 64 Ubuntu 15.04 Linux kernel upgrade to Linux 4.1.0 (Linux)
- Docker use Dockerfile created since the launch of the service support SSH container mirror (Server)
- PostgreSQL export data dictionary documents (Database)
- Linux Shell Scripting Interview Question (Linux)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.