Linux ext3grep 恢复数据
发布时间:2019-09-02 07:42:39编辑:auto阅读(1431)
下载地址 http://code.google.com/p/ext3grep/downloads/list
安装
[root@local ext3grep-0.10.1]# ./configure
[root@local ext3grep-0.10.1]# make
[root@local ext3grep-0.10.1]# make install
安装完后,测试一下删除 /boot 下一个的文件
[root@local boot]# ls
config-2.6.18-194.el5 lost+found symvers-2.6.18-194.el5.gz
grub memtest86+-1.65 System.map-2.6.18-194.el5
initrd-2.6.18-194.el5.img message vmlinuz-2.6.18-194.el5
[root@local boot]# rm -rf symvers-2.6.18-194.el5.gz
[root@local boot]# ls
config-2.6.18-194.el5 initrd-2.6.18-194.el5.img memtest86+-1.65 System.map-2.6.18-194.el5
grub lost+found message vmlinuz-2.6.18-194.el5
开始恢复
先卸载
[root@local boot]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
3.8G 2.1G 1.5G 59% /
tmpfs 252M 0 252M 0%
/dev/shm/dev/sda1 99M 12M 82M 13% /boot
[root@local boot]#cd ..
[root@local /]# umount /boot
查看有哪些文件被删除了
[root@local /]# ext3grep /dev/sda1 --ls --inode 2
Running ext3grep version 0.10.1
WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 13
Loading group metadata... done
Minimum / maximum journal block: 526 / 4640
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1331487878 = Mon Mar 12 01:44:38 2012
Number of descriptors in journal: 84; min / max sequence numbers: 6 / 44
Inode is Allocated
Loading sda1.ext3grep.stage2... done
The first block of the directory is 512.
Inode 2 is directory "".
Directory block 512:
.-- File type in dir_entry (r=regular file, d=directory, l=symlink)
| .-- D: Deleted ; R: Reallocated
Indx Next | Inode | Deletion time Mode File name
==========+==========+----------------data-from-inode------+-----------+=========
0 1 d 2 drwxr-xr-x .
1 2 d 2 drwxr-xr-x ..
2 3 d 11 drwx------ lost+found
3 4 d 10041 drwxr-xr-x grub
4 5 r 13 rrw-r--r-- memtest86+-1.65
5 6 r 12 rrw-r--r-- message
6 7 r 19 rrw------- initrd-2.6.18-194.el5.img
7 8 r 14 rrw-r--r-- .vmlinuz-2.6.18-194.el5.hmac
8 9 r 15 rrw-r--r-- System.map-2.6.18-194.el5
9 11 r 16 rrw-r--r-- config-2.6.18-194.el5
10 11 r 17 D 1331490557 Mon Mar 12 02:29:17 2012 rrw-r--r-- symvers-2.6.18-194.el5.gz
11 end r 18 rrw-r--r-- vmlinuz-2.6.18-194.el5
可以看到symvers-2.6.18-194.el5.gz 的删除时间
[root@local /]# ext3grep /dev/sda1 --restore-file symvers-2.6.18-194.el5.gz
Running ext3grep version 0.10.1
WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 13
Minimum / maximum journal block: 526 / 4640
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1331487878 = Mon Mar 12 01:44:38 2012
Number of descriptors in journal: 84; min / max sequence numbers: 6 / 44
Loading sda1.ext3grep.stage2... done
Restoring symvers-2.6.18-194.el5.gz
恢复删除文件 后 保存在 RESTORED_FILES 文件夹里
[root@local /]# cd RESTORED_FILES/
[root@local RESTORED_FILES]# ls
symvers-2.6.18-194.el5.gz
恢复可以指定文件恢复,可以全部恢复,也可以指定时间恢复
上一篇: Unity3D 协程 浅谈
下一篇: MyBatis系列:(3)基于MyBat
- openvpn linux客户端使用
47867
- H3C基本命令大全
46433
- openvpn windows客户端使用
37321
- H3C IRF原理及 配置
34767
- Python exit()函数
29336
- openvpn mac客户端使用
25998
- python全系列官方中文文档
24951
- 1.常用turtle功能函数
19970
- python 获取网卡实时流量
19568
- python 获取Linux和Windows硬件信息
18056
- python3-scipy-ndimage平滑
5810°
- python3-scikit-image平滑去噪
6436°
- python3-PIL非线性噪声平滑
5952°
- python3-Scipy-ndimage进行盒核与高斯核平滑比较
5978°
- python3-PIL高斯模糊滤波器平滑
7083°
- python3-PIL基于盒模糊核均值化平滑
5928°
- python3-PIL线性噪声平滑
5969°
- python3-scikit-image直方图匹配
6461°
- python3-scikit-image对比拉伸和直方图均衡化
6425°
- python3-PIL二值化
7803°
- 姓名:Run
- 职业:谜
- 邮箱:383697894@qq.com
- 定位:上海 · 松江
