当前位置: 首页 > 工具软件 > Ext3grep > 使用案例 >

Linux ext3grep 恢复数据

乐刚毅
2023-12-01

下载地址 http://code.google.com/p/ext3grep/downloads/list

安装


[root@local ext3grep-0.10.1]# ./configure
[root@local ext3grep-0.10.1]# make
[root@local ext3grep-0.10.1]# make install


安装完后,测试一下删除   /boot  下一个的文件

[root@local boot]# ls
config-2.6.18-194.el5      lost+found       symvers-2.6.18-194.el5.gz
grub                       memtest86+-1.65  System.map-2.6.18-194.el5
initrd-2.6.18-194.el5.img  message          vmlinuz-2.6.18-194.el5

[root@local boot]# rm -rf symvers-2.6.18-194.el5.gz
[root@local boot]# ls
config-2.6.18-194.el5  initrd-2.6.18-194.el5.img  memtest86+-1.65  System.map-2.6.18-194.el5
grub                   lost+found                 message          vmlinuz-2.6.18-194.el5

开始恢复

先卸载

[root@local boot]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                      3.8G  2.1G  1.5G  59% /
tmpfs                 252M     0  252M   0%

/dev/shm/dev/sda1              99M   12M   82M  13% /boot

[root@local boot]#cd ..
[root@local /]# umount /boot
查看有哪些文件被删除了


[root@local /]# ext3grep  /dev/sda1  --ls --inode 2
Running ext3grep version 0.10.1
WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 13
Loading group metadata... done
Minimum / maximum journal block: 526 / 4640
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1331487878 = Mon Mar 12 01:44:38 2012
Number of descriptors in journal: 84; min / max sequence numbers: 6 / 44
Inode is Allocated
Loading sda1.ext3grep.stage2... done
The first block of the directory is 512.
Inode 2 is directory "".
Directory block 512:
          .-- File type in dir_entry (r=regular file, d=directory, l=symlink)
          |          .-- D: Deleted ; R: Reallocated
Indx Next |  Inode   | Deletion time                        Mode        File name
==========+==========+----------------data-from-inode------+-----------+=========
   0    1 d       2                                         drwxr-xr-x  .
   1    2 d       2                                         drwxr-xr-x  ..
   2    3 d      11                                         drwx------  lost+found
   3    4 d   10041                                         drwxr-xr-x  grub
   4    5 r      13                                         rrw-r--r--  memtest86+-1.65
   5    6 r      12                                         rrw-r--r--  message
   6    7 r      19                                         rrw-------  initrd-2.6.18-194.el5.img
   7    8 r      14                                         rrw-r--r--  .vmlinuz-2.6.18-194.el5.hmac
   8    9 r      15                                         rrw-r--r--  System.map-2.6.18-194.el5
   9   11 r      16                                         rrw-r--r--  config-2.6.18-194.el5
  10   11 r      17  D 1331490557 Mon Mar 12 02:29:17 2012  rrw-r--r--  symvers-2.6.18-194.el5.gz
  11  end r      18                                         rrw-r--r--  vmlinuz-2.6.18-194.el5
可以看到symvers-2.6.18-194.el5.gz 的删除时间
[root@local /]# ext3grep  /dev/sda1  --restore-file  symvers-2.6.18-194.el5.gz
Running ext3grep version 0.10.1
WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 13
Minimum / maximum journal block: 526 / 4640
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1331487878 = Mon Mar 12 01:44:38 2012
Number of descriptors in journal: 84; min / max sequence numbers: 6 / 44
Loading sda1.ext3grep.stage2... done
Restoring symvers-2.6.18-194.el5.gz

恢复删除文件 后 保存在 RESTORED_FILES 文件夹里

[root@local /]# cd RESTORED_FILES/

[root@local RESTORED_FILES]# ls
symvers-2.6.18-194.el5.gz

恢复可以指定文件恢复,可以全部恢复,也可以指定时间恢复






 类似资料: