Wednesday, October 10, 2012

Extundelete: a tool to recover deleted files

Extundelete is a utility that can recover deleted files from an ext3 or ext4 partition. The ext3 file system is the most common file system when using Linux, and ext4 is its successor. extundelete uses the information stored in the partition's journal to attempt to recover a file that has been deleted from the partition. There is no guarantee that any particular file will be able to be undeleted, so always try to have a good backup system in place, or at least put one in place after recovering your files! 

Log in as root.

Extract the downloaded file and enter the directory using the cd command.

Installation is very simple. Type:

./configure
make && make install

[root@tester ~]# cd  /usr/local/src/

Download the latest version of extundelete from the URL below:
http://extundelete.sourceforge.net/

To compile and install this program, you must first install the binary and development packages for e2fsprogs and e2fslibs. You must also have a C++ compiler and a make utility installed to be able to compile extundelete. You will get an error like the one below if your system doesn't have a C compiler installed.


[root@tester ~]# ./configure
Configuring extundelete 0.2.0
configure: error: C++ compiler cannot create executables
See `config.log' for more details.

Just install the C compiler to fix this issue:

[root@tester ~]# yum install gcc

and now:

[root@tester ~]#  ./configure
Configuring extundelete 0.2.0
Writing generated files to disk

[root@tester ~]# make
make -s all-recursive
Making all in src

[root@tester ~]# make install
Making install in src
/usr/bin/install -c 'extundelete' '/usr/local/bin/extundelete'

Installed Successfully.


Extundelete will restore any files it finds to a subdirectory of the current directory named “RECOVERED_FILES”. To run the program, type “extundelete --help” to see various options available to you.

[root@tester ~]# cd  /data

[root@tester data]# rm -rf test1


Here /dev/mapper/VolGroup02-data is mounted on /data.
To recover the deleted file, we need to unmount the /data partition.

 [root@tester ~]# umount /data
 [root@tester ~]# /usr/local/bin/extundelete /dev/mapper/VolGroup02-data --restore-all
WARNING: Extended attributes are not restored.
Loading filesystem metadata ... 1485 groups loaded.
Loading journal descriptors ... 102 descriptors loaded.
Writing output to directory RECOVERED_FILES/
Searching for recoverable inodes in directory / ...
1 recoverable inodes found.
Looking through the directory structure for deleted files ...
Failed to restore inode 98305 to file RECOVERED_FILES/test1:Unable to set proper file size.
0 recoverable inodes still lost.

 [root@tester ~]# cd RECOVERED_FILES

It will create the RECOVERED_FILES directory and restore the files in it:

 [root@tester ~]# ls
test1

File restored successfully.

Now you can remount the partition /dev/mapper/VolGroup02-data to /data

 [root@tester ~]# mount /dev/mapper/VolGroup02-data /data


You can follow the same steps for restoring a single directory or a single file, using the following syntax.

extundelete /dev/sdb1 --restore-directory
extundelete / --restore-files

To recover files in the / partition:

In my system /dev/sda2 is mounted on /
cd /
rm -rf test2
mount -o remount,ro /
# cd /secondarydrive   (/dev/sda3, or any other location with read/write access)
# extundelete / --restore-files /test2

/usr/local/bin/extundelete / --restore-files /test2

I received an error like the one below:


/usr/local/bin/extundelete: "/" is a directory. You need to use the raw filesystem


I used /dev/sda2 instead, and the files were recovered successfully.

# cd RECOVERED_FILES
# ls
test2

I have tried and recovered files up to 2 GB in the / partition. I never tried after a reboot, because the inode numbers may be replaced or overwritten by other newly created files, and it is not possible to recover the files deleted before the reboot.
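
The checks this walkthrough does by hand (use the raw device instead of the mount point, have the filesystem unmounted or read-only, and write RECOVERED_FILES somewhere else) can be scripted. The following is an added example, not part of the original post or of extundelete; the function names and the MOUNTS override are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight checks before pointing extundelete at a filesystem.
# MOUNTS is the mount table to read (same format as /proc/mounts); being able
# to override it is an assumption of this sketch so it can be tested offline.
MOUNTS="${MOUNTS:-/proc/mounts}"

# mount_entry MOUNTPOINT -> "device fstype options"; last matching line wins,
# because a later mount hides an earlier one. Fails if nothing is mounted there.
mount_entry() {
    awk -v mp="$1" '$2 == mp { e = $1 " " $3 " " $4; found = 1 }
        END { if (!found) exit 1; print e }' "$MOUNTS"
}

# mount_of_path PATH -> mount point of the filesystem holding PATH
# (longest mount point that is a prefix of the absolute PATH).
mount_of_path() {
    awk -v p="$1" '$2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= length(best)) best = $2 }
        END { print best }' "$MOUNTS"
}

# preflight MOUNTPOINT OUTPUT_DIR
# Prints the raw device to give extundelete. Exit codes: 2 not a mount point,
# 3 not ext3/ext4, 4 output dir is on the filesystem being recovered,
# 5 still mounted read-write (device is printed; umount or remount,ro first).
preflight() {
    entry=$(mount_entry "$1") || { echo "$1: not a mount point" >&2; return 2; }
    dev=${entry%% *}; rest=${entry#* }; fs=${rest%% *}; opts=${rest#* }
    case "$fs" in
        ext3|ext4) ;;
        *) echo "$1: $fs is not ext3/ext4" >&2; return 3 ;;
    esac
    if [ "$(mount_of_path "$2")" = "$1" ]; then
        echo "$2: on the filesystem being recovered" >&2; return 4
    fi
    echo "$dev"
    case ",$opts," in
        *,ro,*) return 0 ;;
        *) echo "$1: still read-write; umount or remount,ro first" >&2; return 5 ;;
    esac
}

# Usage: sh preflight.sh /data /root   (then: extundelete <device> --restore-all)
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it while the filesystem is still mounted so the device can be looked up, then unmount (or remount read-only) and pass the printed device to extundelete from the output directory.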

You can download and get more information on this, from the below URL.

http://extundelete.sourceforge.net/
