Easy ways To Recover files from ext3FS
I'm having a file called 'deltest.txt'
[root@tester ~]# vi deltest.txt
[root@tester ~]# ls -il deltest.txt
1330179 -rw-r--r-- 1 root root 22 Jan 1 19:51 deltest.txt
It's simple run ls -i command and it will display inode number
and filename.Some thing like above output
Here ' 1330179' is the inode number
And its contents are:
[root@tester ~]# cat deltest.txt
this is testing time.
this is testing time.
Now i am going to delete that file
[root@tester ~]# rm deltest.txt
rm: remove regular file `deltest.txt'? y
rm: remove regular file `deltest.txt'? y
Using Journal and Inode number
Remember if the system is reboot the journal entries will be lost.
So you can recover a file from Journal as long as system is /NOT/ shutdown or restarted.
[root@tester ~]# debugfs -w /dev/sda2
debugfs 1.39 (29-May-2006)
debugfs: logdump -i <1330179>
Inode 1330179 is at group 41, block 1343525, offset 256
Journal starts at block 23355, transaction 530492
FS block 1343525 logged at sequence 530732, journal block 24821
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0600 Flags: 0x0 Generation:
2717954899
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2edf5 -- Tue Jan 1 19:38:53 2013
atime: 0x50e2edf5 -- Tue Jan 1 19:38:53 2013
mtime: 0x50e2edf5 -- Tue Jan 1 19:38:53 2013
dtime: 0x50e2edf5 -- Tue Jan 1 19:38:53 2013
Blocks:
FS block 1343525 logged at sequence 530734, journal block 24879
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0600 Flags: 0x0 Generation:
2717954902
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2ee03 -- Tue Jan 1 19:39:07 2013
atime: 0x50e2ee03 -- Tue Jan 1 19:39:07 2013
mtime: 0x50e2ee03 -- Tue Jan 1 19:39:07 2013
dtime: 0x50e2ee03 -- Tue Jan 1 19:39:07 2013
Blocks:
FS block 1343525 logged at sequence 530735, journal block 24891
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954904
User: 0 Group: 0 Size: 25
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
atime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
mtime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
Blocks: (0+1): 1359908
FS block 1343525 logged at sequence 530738, journal block 24935
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954904
User: 0 Group: 0 Size: 25
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
atime: 0x50e2ee1c -- Tue Jan 1 19:39:32 2013
mtime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
Blocks: (0+1): 1359908
FS block 1343525 logged at sequence 530740, journal block 24952
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954904
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2ee29 -- Tue Jan 1 19:39:45 2013
atime: 0x50e2ee1c -- Tue Jan 1 19:39:32 2013
mtime: 0x50e2ee29 -- Tue Jan 1 19:39:45 2013
dtime: 0x50e2ee29 -- Tue Jan 1 19:39:45 2013
Blocks:
FS block 1343525 logged at sequence 530764, journal block 25127
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0600 Flags: 0x0 Generation:
2717954906
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2eeda -- Tue Jan 1 19:42:42 2013
atime: 0x50e2eeda -- Tue Jan 1 19:42:42 2013
mtime: 0x50e2eeda -- Tue Jan 1 19:42:42 2013
dtime: 0x50e2eeda -- Tue Jan 1 19:42:42 2013
Blocks:
FS block 1343525 logged at sequence 530836, journal block 25646
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0600 Flags: 0x0 Generation:
2717954917
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f0c9 -- Tue Jan 1 19:50:57 2013
atime: 0x50e2f0c9 -- Tue Jan 1 19:50:57 2013
mtime: 0x50e2f0c9 -- Tue Jan 1 19:50:57 2013
dtime: 0x50e2f0c9 -- Tue Jan 1 19:50:57 2013
Blocks:
FS block 1343525 logged at sequence 530838, journal block 25661
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954919
User: 0 Group: 0 Size: 22
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
atime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
mtime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
Blocks: (0+1): 1344555
FS block 1343525 logged at sequence 530840, journal block 25698
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954919
User: 0 Group: 0 Size: 22
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
atime: 0x50e2f0da -- Tue Jan 1 19:51:14 2013
mtime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
Blocks: (0+1): 1344555
FS block 1343525 logged at sequence 530842, journal block 25715
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation: 2717954919
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f0e7 -- Tue Jan 1 19:51:27 2013
atime: 0x50e2f0da -- Tue Jan 1 19:51:14 2013
mtime: 0x50e2f0e7 -- Tue Jan 1 19:51:27 2013
dtime: 0x50e2f0e7 -- Tue Jan 1 19:51:27 2013
Blocks:
Found sequence 522443 (not 530849) at block 25766: end of journal.
Blocks: (0+1): 1344555
[root@tester ~]# dd if=/dev/sda2 of=recoverd.txt bs=4096 count=1 skip=1344555
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.026338 seconds, 156 kB/s
[root@tester ~]# cat recoverd.txt
this is testing time.
Ok..we recovered a file based on it's inode number. I know what's in your mind,
"Is it possible to recover a file if we don't know it's inode number?"
Using Journal and Filename
So you want to know about how to recover a file ,if we don't know it's inode number???
[root@tester ~]# cat testing.txt
this is the second test file.
[root@tester Desktop]# tune2fs -l /dev/sda2 | grep "Block size"
Block size: 4096
[root@tester data]# cat Jan1.txt
this is the first test of the year
[root@tester data]# rm Jan1.txt
rm: remove regular file `Jan1.txt'? y
Make sure that the file is deleted.
debugfs 1.39 (29-May-2006)
debugfs: logdump -i <1330179>
Inode 1330179 is at group 41, block 1343525, offset 256
Journal starts at block 23355, transaction 530492
FS block 1343525 logged at sequence 530732, journal block 24821
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0600 Flags: 0x0 Generation:
2717954899
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2edf5 -- Tue Jan 1 19:38:53 2013
atime: 0x50e2edf5 -- Tue Jan 1 19:38:53 2013
mtime: 0x50e2edf5 -- Tue Jan 1 19:38:53 2013
dtime: 0x50e2edf5 -- Tue Jan 1 19:38:53 2013
Blocks:
FS block 1343525 logged at sequence 530734, journal block 24879
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0600 Flags: 0x0 Generation:
2717954902
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2ee03 -- Tue Jan 1 19:39:07 2013
atime: 0x50e2ee03 -- Tue Jan 1 19:39:07 2013
mtime: 0x50e2ee03 -- Tue Jan 1 19:39:07 2013
dtime: 0x50e2ee03 -- Tue Jan 1 19:39:07 2013
Blocks:
FS block 1343525 logged at sequence 530735, journal block 24891
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954904
User: 0 Group: 0 Size: 25
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
atime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
mtime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
Blocks: (0+1): 1359908
FS block 1343525 logged at sequence 530738, journal block 24935
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954904
User: 0 Group: 0 Size: 25
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
atime: 0x50e2ee1c -- Tue Jan 1 19:39:32 2013
mtime: 0x50e2ee0b -- Tue Jan 1 19:39:15 2013
Blocks: (0+1): 1359908
FS block 1343525 logged at sequence 530740, journal block 24952
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954904
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2ee29 -- Tue Jan 1 19:39:45 2013
atime: 0x50e2ee1c -- Tue Jan 1 19:39:32 2013
mtime: 0x50e2ee29 -- Tue Jan 1 19:39:45 2013
dtime: 0x50e2ee29 -- Tue Jan 1 19:39:45 2013
Blocks:
FS block 1343525 logged at sequence 530764, journal block 25127
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0600 Flags: 0x0 Generation:
2717954906
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2eeda -- Tue Jan 1 19:42:42 2013
atime: 0x50e2eeda -- Tue Jan 1 19:42:42 2013
mtime: 0x50e2eeda -- Tue Jan 1 19:42:42 2013
dtime: 0x50e2eeda -- Tue Jan 1 19:42:42 2013
Blocks:
FS block 1343525 logged at sequence 530836, journal block 25646
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0600 Flags: 0x0 Generation:
2717954917
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f0c9 -- Tue Jan 1 19:50:57 2013
atime: 0x50e2f0c9 -- Tue Jan 1 19:50:57 2013
mtime: 0x50e2f0c9 -- Tue Jan 1 19:50:57 2013
dtime: 0x50e2f0c9 -- Tue Jan 1 19:50:57 2013
Blocks:
FS block 1343525 logged at sequence 530838, journal block 25661
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954919
User: 0 Group: 0 Size: 22
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
atime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
mtime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
Blocks: (0+1): 1344555
FS block 1343525 logged at sequence 530840, journal block 25698
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation:
2717954919
User: 0 Group: 0 Size: 22
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
atime: 0x50e2f0da -- Tue Jan 1 19:51:14 2013
mtime: 0x50e2f0d3 -- Tue Jan 1 19:51:07 2013
Blocks: (0+1): 1344555
FS block 1343525 logged at sequence 530842, journal block 25715
(inode block for inode 1330179):
Inode: 1330179 Type: regular Mode: 0644 Flags: 0x0 Generation: 2717954919
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f0e7 -- Tue Jan 1 19:51:27 2013
atime: 0x50e2f0da -- Tue Jan 1 19:51:14 2013
mtime: 0x50e2f0e7 -- Tue Jan 1 19:51:27 2013
dtime: 0x50e2f0e7 -- Tue Jan 1 19:51:27 2013
Blocks:
Found sequence 522443 (not 530849) at block 25766: end of journal.
Blocks: (0+1): 1344555
[root@tester ~]# dd if=/dev/sda2 of=recoverd.txt bs=4096 count=1 skip=1344555
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.026338 seconds, 156 kB/s
[root@tester ~]# cat recoverd.txt
this is testing time.
Ok..we recovered a file based on it's inode number. I know what's in your mind,
"Is it possible to recover a file if we don't know it's inode number?"
Using Journal and Filename
So you want to know about how to recover a file ,if we don't know it's inode number???
[root@tester ~]# cat testing.txt
this is the second test file.
[root@tester Desktop]# tune2fs -l /dev/sda2 | grep "Block size"
Block size: 4096
[root@tester data]# cat Jan1.txt
this is the first test of the year
[root@tester data]# rm Jan1.txt
rm: remove regular file `Jan1.txt'? y
Make sure that the file is deleted.
[root@tester data]# ls Jan1.txt
ls: Jan1.txt: No such file or directory
ls: Jan1.txt: No such file or directory
Using lastdel command or ls -d , we can find the inode of the last deleted file. here the inode number is clearly specified with in the <> check it.
[root@tester data]# debugfs -w /dev/mapper/VolGroup02-data
debugfs 1.39 (29-May-2006)
debugfs:
debugfs: lsdel
Inode Owner Mode Size Blocks Time deleted
0 deleted inodes found.
debugfs: ls -d
2 (12) . 2 (12) .. 11 (4072) lost+found
<49153> (24) .Jan1.txt.swp <49154> (4028) Jan1.txt
debugfs: logdump -i <49154>
Inode 49154 is at group 3, block 99331, offset 128
Journal starts at block 1, transaction 2
FS block 99331 logged at sequence 3, journal block 7
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0600 Flags: 0x0 Generation: 2075235505
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8b5 -- Tue Jan 1 20:24:45 2013
atime: 0x50e2f8b5 -- Tue Jan 1 20:24:45 2013
mtime: 0x50e2f8b5 -- Tue Jan 1 20:24:45 2013
dtime: 0x50e2f8b5 -- Tue Jan 1 20:24:45 2013
Blocks:
FS block 99331 logged at sequence 4, journal block 16
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0644 Flags: 0x0 Generation: 2075235507
User: 0 Group: 0 Size: 35
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
atime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
mtime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
Blocks: (0+1): 100360
FS block 99331 logged at sequence 5, journal block 22
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0644 Flags: 0x0 Generation: 2075235507
User: 0 Group: 0 Size: 35
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
atime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
mtime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
Blocks: (0+1): 100360
FS block 99331 logged at sequence 6, journal block 32
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0644 Flags: 0x0 Generation: 2075235507
User: 0 Group: 0 Size: 35
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
atime: 0x50e2f8d2 -- Tue Jan 1 20:25:14 2013
mtime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
Blocks: (0+1): 100360
FS block 99331 logged at sequence 7, journal block 38
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0644 Flags: 0x0 Generation: 2075235507
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8d9 -- Tue Jan 1 20:25:21 2013
atime: 0x50e2f8d2 -- Tue Jan 1 20:25:14 2013
mtime: 0x50e2f8d9 -- Tue Jan 1 20:25:21 2013
dtime: 0x50e2f8d9 -- Tue Jan 1 20:25:21 2013
Blocks:
No magic number at block 43: end of journal.
debugfs:
debugfs: q
Blocks: (0+1): 100360
[root@tester data]# dd if=/dev/mapper/VolGroup02-data of=merecovered.txt bs=4096 count=1 skip=100360
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.00599776 seconds, 683 kB/s
[root@tester data]# cat merecovered.txt
this is the first test of the year
Yahoo! recovered
debugfs 1.39 (29-May-2006)
debugfs:
debugfs: lsdel
Inode Owner Mode Size Blocks Time deleted
0 deleted inodes found.
debugfs: ls -d
2 (12) . 2 (12) .. 11 (4072) lost+found
<49153> (24) .Jan1.txt.swp <49154> (4028) Jan1.txt
debugfs: logdump -i <49154>
Inode 49154 is at group 3, block 99331, offset 128
Journal starts at block 1, transaction 2
FS block 99331 logged at sequence 3, journal block 7
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0600 Flags: 0x0 Generation: 2075235505
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8b5 -- Tue Jan 1 20:24:45 2013
atime: 0x50e2f8b5 -- Tue Jan 1 20:24:45 2013
mtime: 0x50e2f8b5 -- Tue Jan 1 20:24:45 2013
dtime: 0x50e2f8b5 -- Tue Jan 1 20:24:45 2013
Blocks:
FS block 99331 logged at sequence 4, journal block 16
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0644 Flags: 0x0 Generation: 2075235507
User: 0 Group: 0 Size: 35
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
atime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
mtime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
Blocks: (0+1): 100360
FS block 99331 logged at sequence 5, journal block 22
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0644 Flags: 0x0 Generation: 2075235507
User: 0 Group: 0 Size: 35
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
atime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
mtime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
Blocks: (0+1): 100360
FS block 99331 logged at sequence 6, journal block 32
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0644 Flags: 0x0 Generation: 2075235507
User: 0 Group: 0 Size: 35
File ACL: 0 Directory ACL: 0
Links: 1 Blockcount: 8
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
atime: 0x50e2f8d2 -- Tue Jan 1 20:25:14 2013
mtime: 0x50e2f8c1 -- Tue Jan 1 20:24:57 2013
Blocks: (0+1): 100360
FS block 99331 logged at sequence 7, journal block 38
(inode block for inode 49154):
Inode: 49154 Type: regular Mode: 0644 Flags: 0x0 Generation: 2075235507
User: 0 Group: 0 Size: 0
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 0
Fragment: Address: 0 Number: 0 Size: 0
ctime: 0x50e2f8d9 -- Tue Jan 1 20:25:21 2013
atime: 0x50e2f8d2 -- Tue Jan 1 20:25:14 2013
mtime: 0x50e2f8d9 -- Tue Jan 1 20:25:21 2013
dtime: 0x50e2f8d9 -- Tue Jan 1 20:25:21 2013
Blocks:
No magic number at block 43: end of journal.
debugfs:
debugfs: q
Blocks: (0+1): 100360
[root@tester data]# dd if=/dev/mapper/VolGroup02-data of=merecovered.txt bs=4096 count=1 skip=100360
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.00599776 seconds, 683 kB/s
[root@tester data]# cat merecovered.txt
this is the first test of the year
Yahoo! recovered
No comments:
Post a Comment