hi, just wondering if there is a way to recover the deleted files & folders on the ext3 filesystem which has Linux Redhat(OS).Accidentally i deleted a...
If you know the inodes, you can use icat from the sleuthkit: icat -f linux-ext3 /dev/hdaX yourinodehere > file where X is your partition number... If you...
hi Jeff, i tried to get the inodes using the debugfs ,but this just works for ext2 not ext3.is there a way i can get the inodes?? waiting to hear from you. ...
You may be able to recover the files using the Ext3 journal (if you can find an older copy of the inode). Debugfs lets you search for them. Otherwise you will...
I'm trying to recover data from a failing laptop drive. I've run badblocks on it, and looked at its SMART data and it seems to have a bunch of unrecoverable...
So this is a transfer orf data from one drive to another? Tom ... From: Gary Funck To: Linux_Forensics@Yahoogroups. Com Sent: Wednesday, July 13, 2005 6:38 PM ...
... Yes. In my example, I used partitions. But in fact I'm copying from an old error prone drive to a new drive of same make/model. My hope is to run chkdisk...
... You need to know the inode and you can use debugfs. For example, if the inode were 415,926 then you could use: debugfs: logdump -i <415926> This won't...
Did you try ddrescue? The benefit is to be able to increase the read trials on error and to define a fallback blocksize. On a read error the program will retry...
conv=noerror the output block is filled with the bytes read before the error + zeros from the error position until the end of the block conv=noerror,sync the...
It's not uncommon that one too many read-retrys of bad blocks can increase the number of bad blocks in that physical area of the drive media. What then is the...
Steve Fowler
sfowler@...
Jul 14, 2005 5:37 pm
1628
That's a problem for the lawyers, but I would try to educate them as to what a "block" was, and see if they can be comfortable auththenticating individual...
... You just have to be flexible in how you use integrity checking. Rather than use a hash of the complete partition (which will rarely be the same if one or...
got a question. I've got two images of one disk one taken in reverse and one taken normally. what is the easiest way to cut together the two image files to...
of course five min after i hit send, i figure out the answer to my own question... d'oh! ... From: Joe Corrigan [mailto:joec@...] Sent: Thursday, July 14,...
I believe the command your looking for is the following: cat (filename)(AAAAA) (filename)(000000BBBBB) > (newfilename)(AAAAABBBBB) This will effectivly merge...
Luis Salazar
Luis.Salazar@...
Jul 14, 2005 6:23 pm
1633
... C'mon Joe...share what you did. -- /*************************************** Special Agent Barry J. Grundy NASA Office of Inspector General Computer Crimes...
... I would have done: dd if=image_b bs=512 skip=XXX | cat Image_A - >> New_Image I just wanted to see what Joe did as well...No need for a count if all the...
i used dd to get the tail off of image b (the 000000BBBBBB file) like so dd if=imageb of=image_tail bs=512 skip=<# of sectors imageA caught> cat image_tail >>...
... dd the end of the second image such that it contains the data you want appended to the first image, then cat them together. This might be fun to try: dd...
When I have encountered these types of issues, I characterize my image as "a true and accurate copy of the data that could be reliably read from the original"....
you can use a variety of methods, including dd with skip and seek and cat the segments back together. [Disclaimer: I have a vested interest in SMART] SMART...
Within encase there a report script that can extract user details on an XP system. I think it's the version 2 initialize case script. This shows the user names...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
