13. Are there any tools to automate this process?
As it happens, there are. Unfortunately, I believe that they currently suffer from the same problem as the manual inode modification technique: indirect blocks are unrecoverable. However, given the likelihood that this will shortly no longer be a problem, it's well worth looking these programs out now.
I have written a tool called e2recover
, which is essentially a Perl
wrapper around fsgrab
. It makes a reasonable amount of effort to deal
with zeroed indirect blocks, and seems to work fairly well as long as there
was no fragmentation. It also correctly sets the permissions (and when
possible the ownership) of recovered files, and even makes sure that
recovered files have the correct length.
I originally wrote e2recover
for the forthcoming major update to this
Howto; unfortunately this means that much of the useful documentation for
e2recover
is scheduled for inclusion in that update. Be that as it
may, it should be useful now; it can be downloaded from
my web site, and
soon from Metalab.
Scott D. Heavner is the author of lde
, the Linux Disk Editor. It can
be used as both a binary disk editor, and as an equivalent to debugfs
for ext2 and minix file systems, and even for xia file systems (though xia
support is no longer available in 2.1.x and 2.2.x kernels). It has some
features for assisting undeletion, both by walking the block list for a
file, and by grepping through disk contents. It also has some fairly useful
documentation on basic file system concepts, as well as a document on how to
use it for undeletion. Version 2.4 of lde
is available on
Metalab
and mirrors, or on
the author's web site.
Another possibility is offered by the GNU Midnight Commander, mc
. This
is a full-screen file management tool, based AFAIK on a certain MS-DOS
program commonly known as `NC'. mc
supports the mouse on the Linux
console and in an xterm, and provides virtual file systems which allow
tricks like cd
-ing to a tarfile. Among its virtual file systems is one
for ext2 undeletion. It all sounds very handy, although I must admit I
don't use the program myself -- I prefer good old-fashioned shell commands.
To use the undeletion feature, you have to configure the program with the
-
-with-ext2undel
option; you'll also need the development libraries and
include files that come with the e2fsprogs
package. The version
provided in
Debian GNU/Linux is
built in this way; the same may apply to packages for other Linux
distributions. Once the program is built, you can tell it to cd
undel:/dev/hda5
, and get a `directory listing' of deleted files. Like
many current undeletion tools, it handles zeroed indirect blocks poorly --
it typically just recovers the first 12k of long files.
The current version may be downloaded from the Midnight Commander ftp site.
Next Previous Contents