How to Recover a Deleted file on your File System ( Linux)

Posted: December 18, 2010 in Linux
Tags: , ,

Steps

  1. Create your own file system which is basically a file filled with zeros
    dd if=/dev/zero of=/home/ruwan/Desktop/myHDD bs=1024 count=4096

    ♦  if=/dev/zero => select input file as /dev/zero to fill the file system with ‘0’ s(zeros).

    ♦ of=/home/ruwan/Desktop/myHDD => Output file or the destination of the file to be created.

    ♦  bs=1024 => block size of the device is 1024 bytes

    ♦  count=4096 => write this much of blocks (1024 bytes x 4096 =4194304 bytes[4.2MB]

    For the commands we use in step 2,3 and 5 ,  Super User permission is needed. So Its better to get it at this point.

    Type ‘sudo bash’ to get the root permission.

     

  2. Set your file into a blocked device using looped devices (I have used the loop0 here). There are eight loops available to use as looped devices( loop0 to loop7)
    losetup /dev/loop0 /home/ruwan/Desktop/myHDD
  3. Format your file into a file system. You can choose whatever file system you like ( here i have used ext3 file system)
    mkfs.ext3 /dev/loop0
  4. Create a directory on /media . This directory will be used (in step 5)to mount your file system
    mkdir /media/myDevice
  5. Mount your file system to the directory created earlier.
    mount -t ext3 /dev/loop0 /media/myDevice
  6. Now Create a file on /media/myDevice filled with the content.
  7. Delete the file you have Created.( use ‘rm’ to delete)
  8. And now you are going to recover the file content you have deleted.
    grep -i -a -A200 -B0 'some_text' /dev/loop0|strings >recoveredFile.txt

    Arguments used:
    ♦  -i: Ignore case distinctions in  both  the  PATTERN  and  the  input files.  (-i is specified by POSIX.)
    ♦ -a: Process a binary file as if it were text
    ♦ -A[Number]: print [Number] of lines ‘A’fter matching pattern
    ♦ -B[Number]:print [Number] of lines ‘B’efore matching point
    ♦ ‘some_text’: word or phrase within the content of the file deleted.

  9. After recovery is done you can unmount your device
    umount /media/myDevice             // Unmount the device
  10. And the last step is to detach the loop associated with your device.
    losetup -d /dev/loop0	      // Detach the loop device

Aliter

This is an alternative method to recover a deleted file. In this method we will not use the losetup command and give the  freedom to operating system to  choose the random FREE loop at that moment. ( Remember last time we have specified the loop as loop0)


dd if=/dev/zero of=/home/ruwan/Desktop/myHDD bs=1024 count=4096

mke2fs /home/ruwan/Desktop/myHDD

mkdir /media/myDevice

mount -t ext2 -o loop /home/ruwan/Desktop/myHDD /media/myDevice/

#create a file on /media/myDevice (or the mounted device) .And then write some text to that file

Remove the file (rm /media/myDevice/file.txt)

grep -ia -A200 -B200 "hello.txt" myHDD |strings >recoveredFile.txt 

Notes

• mke2fs => Format device as a Linux Second Extended Filesystem( ext2)

• mkdir /media/myDevice => above file system will be mounted on to this folder later

• losetup =>

Command::

sudo losetup /dev/loop0 /home/ruwan/Desktop/myHDD

In Unix-like operating systems, a loop device is a pseudo-device that makes a file accessible as a block device.Before use, a loop device must be connected to an existing file in the filesystem. The association provides the user with an API that allows the file to be used in place of a block special file (cf. device file system). Thus, if the file contains an entire file system, the file may then be mounted as if it were a disk device. ( Source: wikipedia )

For More Details Click Here

Comments
  1. Thilini Iw says:

    well done…..nice,though i dnt understand the subject.

  2. shashikabokks says:

    well done mate keep doing this kind of things its really awesome

  3. Great Work Machan….
    All The Best…🙂

  4. Chathura Kazilla says:

    machan,
    u dont have to unmount the device and detach the loop in 2 steps.. u can simply unmount the loop
    “umount loop0”

    using the losetup or just putting the -o loop or -o loop0 are ways to mount a device that needs a loop assiciated…
    it dosent change the way u recover data

    keep up….🙂

  5. Thnx Everyone..:)
    @Chathura-Kazilla;
    Thnx a lot for the feedback and your suggestions machan..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s