Chinaunix
标题:
linux下数据恢复 使用软件ext3grep 测试通过
[打印本页]
作者:
听老歌
时间:
2011-12-09 17:34
标题:
linux下数据恢复 使用软件ext3grep 测试通过
linux下数据恢复 使用软件ext3grep 测试通过
# 软件下载列表 :
http://code.google.com/p/ext3grep/downloads/list
# 1、安装
01.cd /opt
02.wget http://ext3grep.googlecode.com/files/ext3grep-0.10.1.tar.gz
03.tar -zxf ext3grep-0.10.1.tar.gz
04.cd ext3grep-0.10.1
05../configure
06.make
07.make install
复制代码
复制代码
# 2、制造分区
01.mkdir /home/sheng
02.cd /home/sheng
03.dd if=/dev/zero of=file count=102400
04.mkfs.ext3 file
05.# !!!!按Y继续
06.mount -o loop /home/sheng/file /mnt/
07.
08.# 可以看到已经挂上去了
09.df -h
10.
11.# 写入数据到 /mnt
12.mkdir /mnt/del
13.echo 1 > /mnt/del/1
14.echo 2 > /mnt/del/2
15.echo 3 > /mnt/del/3
16.
17.# 删除数据
18.rm -rf /mnt/del
复制代码
复制代码
# 3、开始恢复
01.# 卸载文件所在的分区 /home/sheng/file
02.umount /home/sheng/file
03.# 查看
04.df -h
05.
06.# 扫描分区
07.ext3grep /home/sheng/file --ls --inode 2
08.
09.- - - - -
10.
11.[root@db1 sheng]# ext3grep /home/sheng/file --ls --inode 2
12.Running ext3grep version 0.10.1
13.Number of groups: 7
14.Loading group metadata... done
15.Minimum / maximum journal block: 447 / 4561
16.Loading journal descriptors... sorting... done
17.The oldest inode block that is still in the journal, appears to be from 12454502 09 = Sat Jun 20 06:23:29 2009
18.Number of descriptors in journal: 17; min / max sequence numbers: 2 / 3
19.Inode is Allocated
20.Finding all blocks that might be directories.
21.D: block containing directory start, d: block containing more directory entries.
22.Each plus represents a directory start that references the same inode as a direc tory start that we found previously.
23.
24.Searching group 0: DDD++
25.Searching group 1:
26.Searching group 2:
27.Searching group 3:
28.Searching group 4:
29.Searching group 5:
30.Searching group 6:
31.Writing analysis so far to 'file.ext3grep.stage1'. Delete that file if you want to do this stage again.
32.Result of stage one:
33. 3 inodes are referenced by one or more directory blocks, 2 of those inodes are still allocated.
34. 1 inodes are referenced by more than one directory block, 1 of those inodes is still allocated.
35. 0 blocks contain an extended directory.
36.Result of stage two:
37. 2 of those inodes could be resolved because they are still allocated.
38.All directory inodes are accounted for!
39.
40.
41.Writing analysis so far to 'file.ext3grep.stage2'. Delete that file if you want to do this stage again.
42.The first block of the directory is 433.
43.Inode 2 is directory "".
44.Directory block 433:
45. .-- File type in dir_entry (r=regular file, d=directory, l=symlink)
46. | .-- D: Deleted ; R: Reallocated
47.Indx Next | Inode | Deletion time Mode File nam e
48.==========+==========+----------------data-from-inode------+-----------+======== =
49. 0 1 d 2 drwxr-xr-x .
50. 1 2 d 2 drwxr-xr-x ..
51. 2 end d 11 drwx------ lost+fou nd
52. 3 end d 5497 D 1245450214 Sat Jun 20 06:23:34 2009 drwxr-xr-x del
53.[root@db1 sheng]#
54.
55.- - - - -
56.
57.# 恢复单个 仅目录 里面的文件恢复失败 ..
58.ext3grep /home/sheng/file --restore-file del
59.
60.# 恢复目录里面的一个文件
61.ext3grep /home/sheng/file --restore-file del/1
62.
63.# 恢复所有文件
64.ext3grep /home/sheng/file --restore-all
65.
66.
67.--restore-file 'path'
68.
69. Will restore file 'path'. 'path' is relative to the
70. root of the partition and does not start with a '/' (it
71. must be one of the paths returned by --dump-names).
72. The restored directory, file or symbolic link is
73. created in the current directory as 'RESTORED_FILES/path'.
74.
75. --restore-all As --restore-file but attempts to restore everything.
76. The use of --after is highly recommended because the
77. attempt to restore very old files will only result in
78. them being hard linked to a more recently deleted file
79. and as such polute the output.
80. --show-hardlinks Show all inodes that are shared by two or more files.
复制代码
复制代码
作者:
健康木乃伊
时间:
2011-12-22 18:55
学习鸟 谢谢分享
欢迎光临 Chinaunix (http://bbs.chinaunix.net/)
Powered by Discuz! X3.2