- Create your own file system which is basically a file filled with zeros
dd if=/dev/zero of=/home/ruwan/Desktop/myHDD bs=1024 count=4096
♦ if=/dev/zero => select input file as /dev/zero to fill the file system with ‘0’ s(zeros).
♦ of=/home/ruwan/Desktop/myHDD => Output file or the destination of the file to be created.
♦ bs=1024 => block size of the device is 1024 bytes
♦ count=4096 => write this much of blocks (1024 bytes x 4096 =4194304 bytes[4.2MB]
For the commands we use in step 2,3 and 5 , Super User permission is needed. So Its better to get it at this point.
Type ‘sudo bash’ to get the root permission.
- Set your file into a blocked device using looped devices (I have used the loop0 here). There are eight loops available to use as looped devices( loop0 to loop7)
losetup /dev/loop0 /home/ruwan/Desktop/myHDD
- Format your file into a file system. You can choose whatever file system you like ( here i have used ext3 file system)
- Create a directory on /media . This directory will be used (in step 5)to mount your file system
- Mount your file system to the directory created earlier.
mount -t ext3 /dev/loop0 /media/myDevice
- Now Create a file on /media/myDevice filled with the content.
- Delete the file you have Created.( use ‘rm’ to delete)
- And now you are going to recover the file content you have deleted.
grep -i -a -A200 -B0 'some_text' /dev/loop0|strings >recoveredFile.txt
♦ -i: Ignore case distinctions in both the PATTERN and the input files. (-i is specified by POSIX.)
♦ -a: Process a binary file as if it were text
♦ -A[Number]: print [Number] of lines ‘A’fter matching pattern
♦ -B[Number]:print [Number] of lines ‘B’efore matching point
♦ ‘some_text’: word or phrase within the content of the file deleted.
- After recovery is done you can unmount your device
umount /media/myDevice // Unmount the device
- And the last step is to detach the loop associated with your device.
losetup -d /dev/loop0 // Detach the loop device
This is an alternative method to recover a deleted file. In this method we will not use the losetup command and give the freedom to operating system to choose the random FREE loop at that moment. ( Remember last time we have specified the loop as loop0)
dd if=/dev/zero of=/home/ruwan/Desktop/myHDD bs=1024 count=4096 mke2fs /home/ruwan/Desktop/myHDD mkdir /media/myDevice mount -t ext2 -o loop /home/ruwan/Desktop/myHDD /media/myDevice/ #create a file on /media/myDevice (or the mounted device) .And then write some text to that file Remove the file (rm /media/myDevice/file.txt) grep -ia -A200 -B200 "hello.txt" myHDD |strings >recoveredFile.txt
• mke2fs => Format device as a Linux Second Extended Filesystem( ext2)
• mkdir /media/myDevice => above file system will be mounted on to this folder later
• losetup =>
sudo losetup /dev/loop0 /home/ruwan/Desktop/myHDD
In Unix-like operating systems, a loop device is a pseudo-device that makes a file accessible as a block device.Before use, a loop device must be connected to an existing file in the filesystem. The association provides the user with an API that allows the file to be used in place of a block special file (cf. device file system). Thus, if the file contains an entire file system, the file may then be mounted as if it were a disk device. ( Source: wikipedia )
For More Details Click Here