Home Recovery Sitemap
Links
Home
Recover Deleted File Method
Site Map
Business Listings
Computer Computer
  Networking
  Services
Shopping Shopping
  Computer - Electronics
 



 

Recover Deleted File Method

Let's say you lost a the last letter that your Dad wrote to you before he died, and all you really remember is that he wrote something about a Studebaker automobile he had as a kid. "Studebaker" is a great word to search for because the odds are that not a lot of files have that word in it.

So you use your best friend "grep" on the blocks that were saved:

% grep -il studebaker blocks/* > matching_files

(-i ignores case, -l lists the file names)

If you see a match, examine the file(s) listed with a good pager that can handle binary data, such as "less". If you find it, congrats!

The above approach may fail with an error like "Argument list too long" when there are many files. In that case, try the more robust but more verbose version:

% find blocks -type f -print | xargs grep -il studebaker >matching_files

If you're looking for something that isn't so unique, think of keywords that might help you out (like your name, employers, etc.) You could then do something like:

% egrep -il 'keyword1|keyword2|...' blocks/*.txt > matching_files

Images are likewise easy to examine; simply do something like ("xv" is a fine Unix image viewer/editor, "gimp" and others can also be used):

% xv blocks/*.gif blocks/*.jpg

Text based log files (syslog, message, etc.), even though they will often be spread out all over the disk because of the way they are written (a few records at a time), are actually potentially easy to recover - and in the correct order - because of the wonderful time stamp on each line; the simplest way (until a better log analyzer is written) is to (the tr(1) is in there to remove nulls; commands such as sort don't like nulls in the files they work with!):

% cat blocks/*.l.txt | tr -d '\000' | sort -u > all-logs

And then browse through them. A few bits and pieces will probably be lost (due to the fragmentation at block and fragment boundaries), but it's a good way to start.

Some data, like C source code, is very easy to confuse with other types of program files and text, so a combined arms approach that uses grep & the browser is sometimes useful (more on the browser approach in a bit).

Another good way to find source code is if you know of a specific #include file that the code uses or a specific output line that the program emits - a simple:

% grep -l rpcsvc/sm_inter.h blocks/*.[cpt].txt

Will find any files that have rpcsvc/sm_inter.h in them (not a lot, probably! ;-)) This sort of brute force approach can be quite useful.

Again, beware of concatenating lots of recovered blocks/files together and performing text based searches or operations on them (sort, grep, uniq, etc.)

• Marketplace 1
Shopping Cart and E-Commerce
RecoverDeleted Files
Colon Care
Pain Relief
Skin Care
Birth Control
Stop Smoking
Muscle Relaxer
 
• Marketplace 2
Lexmark Printers
 
   
[Home] [Recover Deleted File Method] [Site Map]
Daily Auction Daily Medical Daily Medical