tech notes

To my surprise this is actually possible. Moreover, it’s much easier than restoring files from ext2 partitions, where you have tools like foremost and photorec. With these tools you can restore contents of your files by looking for certain patterns in raw disk data. Restoring directory structure and file names isn’t that easy. The situation is a bit different with ext3 – all thanks to this great tool – ext3grep.

All one needs to restore deleted data is to unmount your hdd as soon as possible (or remount it ro) and take a copy of it using dd.

Download ext3grep from http://code.google.com/p/ext3grep/ , untargzip it and compile. The easies way to use it I’ve found is to give it a date to undelete all files removed after.

ext3grep /dev/sdb1 –restore-all –after=1226937993

It will create a RESTORED_FILES directory and create all recovered files and directores there. It does take some time to do that, but after all it’s a bit complicated process A very interesting and detailed document about the internals of ext3, file recovery and ext3grep (with more examples) is here.

Posted on Friday, November 21st, 2008 at 5:49 pm in linux | rss feed for comments| You can skip to the end and leave a response. Pinging is currently not allowed.