Although there's no common "undelete" command for a Linux EXT3 file system, you can recover many types of accidentally erased files, including documents, graphics, and system files using the "Foremost" console application.
When you delete a file, the data is not really overwritten. The pointer in the filesystem to the file is simply removed so the disk area can be overwritten when necessary. The more the disk is written to after the file is deleted, the larger the chance it will be overwritten and become unrecoverable.
Foremost is a command line utility for finding and recovering deleted files based on their type. It was origionally developed for the US Air Force Office of Special Investigations. It can recover files from a number of filesystems, including fat, ext3 and NTFS. It can be installed and run from the live cd.
Foremost can recover files with the following extensions:
jpg, gif, png, bmp, avi ,exe, mpg, wav, riff, wmv, mov, pdf, ole, Excel, Access, doc, zip, XML, SXW, SXC, SXI, SX, rar, htm, cpp
For other file extensions we may need to edit /etc/foremost.conf which can be found in man page of Foremost (man foremost)
How to Install:
Enable the universe repository and install foremost:
sudo apt-get install foremost
Assuming the lost files are on a USB drive (sda), you need to create a writeable directory on another drive where you can put the recovered files
sudo mount /dev/sdb1 /recovery
sudo mkdir /recovery/foremost
And then run foremost:
sudo foremost -i /dev/sda -o /recovery/foremost
or for specific file format e.g. video (avi):
sudo foremost -t avi -i /dev/sda -o /recovery/foremost
The recovered files will then be owned by root. Change their ownership so that you can use them:
sudo chown -R youruser:yourgroup /recovery/foremost
Please note that there's no guarantee that foremost will succeed in recovering your files, but at least there's a chance.
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment