extundelete数据恢复实战!!!

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了extundelete数据恢复实战!!!相关的知识,希望对你有一定的参考价值。

项目背景:

你误删掉了公司重要的数据,老板说:你妹的!快点给我找回来  还补充了一句:我没钱!!!




试验环境:

vmware workstation 11

服务器:centos6.5  ip:192.168.0.53

extundelete-0.2.4.tar.bz2 

SecureCRT (ssh远程连接软件)


实验过程:

一、软件安装

1:软件依赖的环境安装:

[[email protected] ~]# yum install -y e2fsprogs e2fsprogs-libs e2fsprogs-devel 

2、软件下载:

[[email protected] 3-11]#  wget

http://nchc.dl.sourceforge.net/project/extundelete/extundelete/0.2.4/extundelete-0.2.4.tar.bz2

3、软件解压、编译、安装:

解压:[[email protected] 3-11]# tar jxvf extundelete-0.2.4.tar.bz2 

编译、安装:

技术分享


4:查看一下成功安装的软件的版本

技术分享


二、恢复单个文件实战!!!

1、模拟数据误删环境

    1、首先我添加了一块磁盘,然后新建了多个分区。

    2、然后创建一个目录用来挂载我的分区/dev/sdb1

    技术分享

    3、挂载分区,然后在分区上创建测试文件,然后哈希一下(用来一回判断是否恢复)

技术分享

    4、删除这俩文件。

    [[email protected] sdb1]# rm -rf /data/sdb1/*

2、卸载磁盘分区

这个时候我们需要到其他挂载目录上,不然卸载不了。

技术分享

 可以看到没卸载掉。

 

切换到其他目录 然后卸载成功!!!!  技术分享

3、查询可以回复的数据

[[email protected] boot]# extundelete /dev/sdb1 --inode 2

NOTICE: Extended attributes are not restored.

Loading filesystem metadata ... 7 groups loaded.

Group: 0

Contents of inode 2:

0000 | ed 41 00 00 00 10 00 00 25 59 e2 56 33 5a e2 56 | .A......%Y.V3Z.V

0010 | 33 5a e2 56 00 00 00 00 00 00 02 00 08 00 00 00 | 3Z.V............

0020 | 00 00 00 00 00 00 00 00 f6 01 00 00 00 00 00 00 | ................

0030 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

0040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

0050 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

0060 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

0070 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

0080 | 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

0090 | 02 58 e2 56 00 00 00 00 00 00 00 00 00 00 00 00 | .X.V............

00a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

00b0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

00c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

00d0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

00e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

00f0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................


Inode is Allocated

File mode: 16877

Low 16 bits of Owner Uid: 0

Size in bytes: 4096

Access time: 1457674533

Creation time: 1457674803

Modification time: 1457674803

Deletion Time: 0

Low 16 bits of Group Id: 0

Links count: 2

Blocks count: 8

File flags: 0

File version (for NFS): 0

File ACL: 0

Directory ACL: 0

Fragment address: 0

Direct blocks: 502, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

Indirect block: 0

Double indirect block: 0

Triple indirect block: 0


File name                                       | Inode number | Deleted status

.                                                 2

..                                                2

lost+found                                        11             Deleted

passwd                                            12             Deleted

sdb1test.txt                                      13             Deleted


可以看到我们创建的俩测试文件在最底下。


4、恢复单个文件

  技术分享等下 我比对一下 上面的哈希值 可以看到 我们成功的恢复了误删数据!!



好了,就介绍到这里了 ,希望对大家有帮助,当然它的能力不仅仅是恢复一个文件 ,它很强大的,希望大家可以自己领悟。。。。

本文出自 “积少成多” 博客,请务必保留此出处http://9399369.blog.51cto.com/9389369/1749934

以上是关于extundelete数据恢复实战!!!的主要内容,如果未能解决你的问题,请参考以下文章

linux 文件删除恢复extundelete

案例:Oracle数据库文件删除 extundelete工具挖掘恢复删除的数据库文件

Linux中用extundelete恢复误删除的数据

extundelete工具恢复误删文件

数据恢复软件Extundelete

Linux中用extundelete恢复误删文件