[BBLISA] Q on post-rm / fsys (dd,split,strings,whatever)
Doug Mildram
dmildram at gmail.com
Thu Apr 8 22:25:00 EDT 2010
Hi! I'm helping recover someelse's torched / fsys at work
(redhat9,ext3...have "dump" format of the BROKEN / also)
I had a USB external disk (ext3 fs, 200g) to dump onto, and I know this fsys
needs reloading,
but some body parts might (or might not) be worth looking for.
Seriously if you've tried any post-mortem (HEALTY ext3 filesystem, torched
with "rm -rf /" (which is no prob for the fsys itself,
but leaves the data in free blocks, which are
how-badly-scattered-i-wonder.
(background; the root perl script "system" rm -rf $variable/something
did a few dirs and stopped....I have the perl script stderr logfile
for fun)
Would you guess the overall idea, or the rough steps below, might work well,
or not?
I would not dare to ask, but suspect a few of you may have tried something
LIKE this.
Since /boot and /etc (at least; I believe it was rm -rf / )
got wiped a few hours ago, I have the RAW FILESYSTEM too.
So the QUESTION is about recovering pieces of the REMOVED files perhaps e.g.
# dd if=/dev/sda2 of=FILEname01 count=500mb ( "bs=8k" not needed
these days right?)
#dd if=/dev/sda2 of=FILEname02 skip=500mb count=500mb ( 2nd of roughly 60
pieces )
=================
thought the above might be smarter than "split --bytes=
So using plain tools like "split", "strings", "grep" I wonder if I could
recreate parts of a few files.
dump of / had 3-5 gb (I'm home now, I forgot: took 1 hour to "dump" it to
usb2)
has the files WITHOUT /etc
(dd of 31gb / filesystem : 31gb. Not a problem.
Maybe split it into ~ 500mb pieces with "split" ,,,,or "dd
count=(whatever500mb)
Then (havent really done this yet) idea# strings 500mbfile01 > strings01
Will be fun to see if "strings" is useful here. Any tips?
--
(other ideas are fun topics too, since I'm holding the firehose, not the
torch)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.bblisa.org/pipermail/bblisa/attachments/20100408/286d516c/attachment.htm
More information about the bblisa
mailing list