Someone accidentally deleted a bunch of files on their Linux box at work. None of our machines (machines which the group that I'm in deal with) are backed up in any official manner, although some are either replicated or rsynced. This machine was not. The filesystem was formatted ext3fs, which meant that I couldn't use Midnight Commander's undelete function. Normally, at this point I would say there's nothing I can do and all your work for the past 2 months has been lost forever. But, since I was feeling nice, the files were plain text, and all had the same header, I decided to see what I could do.
I ended up grepping /dev/hdb1 for a string which was near the top of each file. After that I used dd to read 20k from the byte offset which grep returned and dumped this to a file. From these dumps, the user will have to tease out the actual file contents from portions of other files in the dump as well as figure out which files actually contain the newest version of the content.
No comments:
Post a Comment