|
下载安装extundelete之前要安装两个软件包e2fsprogs和e2fsprogs-libs安装顺序:e2fsprogs-->e2fsprogs-libs-->extundelete逐一编译安装[root@crushlinux~]#wgethttp://jaist.dl.sourceforge.net/project/e2fsprogs/e2fsprogs/1.41.14/e2fsprogs-1.41.14.tar.gz[root@crushlinux~]#wgethttp://jaist.dl.sourceforge.net/project/e2fsprogs/e2fsprogs/1.41.14/e2fsprogs-libs-1.41.14.tar.gz[root@crushlinux~]#wgethttp://jaist.dl.sourceforge.net/project/extundelete/extundelete/0.2.4/extundelete-0.2.4.tar.bz2[root@crushlinux~]#tarxfe2fsprogs-1.41.14.tar.gz-C/usr/src/[root@crushlinux~]#cd/usr/src/e2fsprogs-1.41.14/[[email protected]]#./configure[[email protected]]#make&&makeinstall[root@crushlinux~]#tarxfe2fsprogs-libs-1.41.14.tar.gz-C/usr/src/[root@crushlinux~]#cd/usr/src/e2fsprogs-libs-1.41.14/[[email protected]]#./configure[[email protected]]#make&&makeinstall[root@crushlinux~]#tarxfextundelete-0.2.4.tar.bz2-C/usr/src/[root@crushlinux~]#cd/usr/src/extundelete-0.2.4/[[email protected]]#./configure[[email protected]]#make&&makeinstall模拟实验环境:新添加一块硬盘并对其进行分区格式化成ext4,将其挂在到/backupdata目录上,建立测试文件和目录。[root@crushlinux~]#fdisk/dev/sdbCommand(mforhelp):nCommandactioneextendedpprimarypartition(1-4)pPartitionnumber(1-4):1Firstcylinder(1-2610,default1):Usingdefaultvalue1Lastcylinder,+cylindersor+size{K,M,G}(1-2610,default2610):+200MCommand(mforhelp):w[root@crushlinux~]#partprobe/dev/sdb[root@crushlinux~]#mkfs.ext4/dev/sdb1[root@crushlinux~]#mkdir/backupdata/[root@crushlinux~]#mount/dev/sdb1/backupdata/[root@crushlinux~]#mkdir/backupdata/gnutool-delete[root@crushlinux~]#cd/backupdata/gnutool-delete[root@crushlinuxgnutool-delete]#man7man>file1.txt[root@crushlinuxgnutool-delete]#man7man>file2.txt[root@crushlinuxgnutool-delete]#mkdirfolder;cdfolder;man7man>file1.txt[root@crushlinuxfolder]#cd../获取文件校验码[root@crushlinuxgnutool-delete]#md5sumfile*06da9233bf8c0836e4d45e28dfb2b511file1.txt06da9233bf8c0836e4d45e28dfb2b511file2.txt[root@crushlinuxgnutool-delete]#md5sumfolder/file1.txt06da9233bf8c0836e4d45e28dfb2b511folder/file1.txt[root@crushlinuxgnutool-delete]#cd../删除测试文件或目录[root@crushlinuxbackupdata]#rm-rfgnutool-delete/将设备卸载或者改成只读,防止数据被覆盖使用[root@crushlinuxbackupdata]#cd../[root@crushlinux/]#umount/backupdata/或者[root@crushlinux~]#mount-oremount,ro/dev/sdb1查询恢复数据信息,注意这里的--inode2这里会扫描分区:[root@crushlinux/]#extundelete/dev/sdb1--inode2NOTICE:Extendedattributesarenotrestored.Loadingfilesystemmetadata...26groupsloaded.Group:0Contentsofinode2:0000|ed41000000040000377929533a792953|.A......7y)S:y)S0010|3a792953000000000000030002000000|:y)S............0020|0000000002000000d310000000000000|................0030|00000000000000000000000000000000|................0040|00000000000000000000000000000000|................0050|00000000000000000000000000000000|................0060|00000000000000000000000000000000|................0070|00000000000000000000000000000000|................InodeisAllocatedFilemode:16877Low16bitsofOwnerUid:0Sizeinbytes:1024Accesstime:1395226935Creationtime:1395226938Modificationtime:1395226938DeletionTime:0Low16bitsofGroupId:0Linkscount:3Blockscount:2Fileflags:0Fileversion(forNFS):0FileACL:0DirectoryACL:0Fragmentaddress:0Directblocks:4307,0,0,0,0,0,0,0,0,0,0,0Indirectblock:0Doubleindirectblock:0Tripleindirectblock:0Filename|Inodenumber|Deletedstatus.2..2lost+found11gnutool-delete12DeletedDeletedstatus标记为Deleted是已经删除的文件或目录默认恢复到当前所在目录下的RECOVERED_FILES目录中去。准备一个可以读写的分区,注意不要再丢失数据的分区哦![root@crushlinux/]#extundelete/dev/sdb1--restore-allNOTICE:Extendedattributesarenotrestored.Loadingfilesystemmetadata...26groupsloaded.Loadingjournaldescriptors...43descriptorsloaded.Searchingforrecoverableinodesindirectory/...5recoverableinodesfound.Lookingthroughthedirectorystructurefordeletedfiles...0recoverableinodesstilllost.[root@crushlinux/]#cdRECOVERED_FILES/gnutool-delete/[root@crushlinuxgnutool-delete]#lsfile1.txtfile2.txtfolder查看校验码与之前所得是否完全一致[root@crushlinuxgnutool-delete]#md5sumfile*06da9233bf8c0836e4d45e28dfb2b511file1.txt06da9233bf8c0836e4d45e28dfb2b511file2.txt[root@crushlinuxgnutool-delete]#md5sumfolder/file1.txt06da9233bf8c0836e4d45e28dfb2b511folder/file1.txt1、恢复所有文件extundelete/dev/sdb1–restore-all2、恢复目录extundelete/dev/sdb1—-restore-directory/backupdata/gnutool-delete3、恢复文件extundelete/dev/sdb1—-restore-files/backupdata/gnutool-delete/file1.txt4、恢复多个文件创建一个空白文件,内容为要恢复的文件列表,一个文件一行哦!vimrestore/backupdata/gnutool-delete/file1.txt/backupdata/gnutool-delete/file2.txt/backupdata/gnutool-delete/folder/file1.txtextundelete/dev/sdb1—-restore-files'restore'5、根据时间恢复假如删除的时间大概是2014-05-0414:30[root@crushlinux~]#date-d"may0414:30"+%s1399185000得出秒数恢复此时间后删除的所有文件/usr/local/bin/extundelete/dev/sdb1--after1399185000--restore-all6、根据文件的inode恢复extundelete/dev/sdb1--restore-inode778837、查看命令帮助extundelete--help应用总结:extundelete基于整个磁盘的恢复功能较为强大,基于目录和文件的恢复还不够完善。如果误删除了文件,记住对磁盘不要进行任何操作,保留好现场哦!切记:硬盘有价,数据无价!!恢复Linux误删除文件系列之通过文件打开的PID和文件的句柄来恢复环境描述:当前系统中有多个用户登录,其中一个用户对某个文件进行修改,另一个用户对文件执行了删除操作。例如通过cat命令往文件里输入内容[root@rhel6~]#cat>>/tmp/restorehellohihaha而在另一个终端删除这个文件[root@rhel6~]#rm-rf/tmp/restore解决方法:通过文件打开的PID和打开文件的句柄来恢复[root@rhel6~]#lsof|grep-idelete|greprestorecat23308root1wREG8,51473/tmp/restore(deleted)[root@rhel6~]#cd/proc/23308/fdfd/fdinfo/[root@rhel6~]#cd/proc/23308/fd[root@rhel6fd]#ls012[root@rhel6fd]#cp1/tmp/restore[root@rhel6fd]#cat/tmp/restorehellohihahaok文件恢复了~~切记:硬盘有价,数据无价!!
(以上内容不代表本站观点。) --------------------------------- |
本網站是"非商業"(non-commercial)。
