Loading ...
Sorry, an error occurred while loading the content.

RE: [linux_forensics] Linux File recovery without shutdown

Expand Messages
  • Daniel Walton
    Have you tried using the network block device to share the drives? Something I have experimented with at a small scale a long time ago. Looked useful. ...
    Message 1 of 4 , Feb 25, 2013
    • 0 Attachment
      Have you tried using the network block device to share the drives?
      Something I have experimented with at a small scale a long time ago.
      Looked useful.


      -----Original Message-----
      From: linux_forensics@yahoogroups.com [mailto:linux_forensics@yahoogroups.com] On Behalf Of Mark W. Jeanmougin
      Sent: Tuesday, 26 February 2013 05:19
      To: linux_forensics@yahoogroups.com
      Subject: Re: [linux_forensics] Linux File recovery without shutdown

      That should work really well. I've done stuff like that.

      If you have issues, let us know!

      MJ




      On Mon, Feb 25, 2013 at 10:07 AM, SAN THO <saminside34@...> wrote:

      > **
      >
      >
      > Hi Folks,
      >
      > I have a doubt in recovering deleted files in linux machine. I did
      > some research and realized that the existing solutions are slightly
      > incompatible to my scenario.
      >
      > Scenario :
      > A linux server running 24x7; admin dont want to shut down the machine
      > and then go for imaging, then typical ext3/4 file recovery methods.
      >
      > I found the following method can be possible, but I'm not sure a
      > better method is already available. If yes, requesting you to guide me
      > in updating my knowledge base.
      >
      > My procedure :
      > 1. take the image of the partition over the network; piping and
      > pushing the resultant image to a Netcat listening port.
      > 2. load the image in loopback device,
      > 3. use undelete or other file recovery commands to recover the file.
      >
      > Any better suggestion would be appreciable.
      >
      > --
      > SANTHO
      > twitter : @s4n70 https://twitter.com/s4n7h0>
      >
      > http://devilslab.wordpress.com/>
      >
      > [Non-text portions of this message have been removed]
      >
      >
      >


      [Non-text portions of this message have been removed]



      ------------------------------------

      Yahoo! Groups Links
    • Ahmad ZamZami
      I think you should pay attention to indirect block pointer when recovering deleted files in linux filesystem. ... -- Regards, Ahmad Zam Zami ... [Non-text
      Message 2 of 4 , Feb 25, 2013
      • 0 Attachment
        I think you should pay attention to indirect block pointer when recovering
        deleted files in linux filesystem.


        On Mon, Feb 25, 2013 at 10:07 PM, SAN THO <saminside34@...> wrote:

        > **
        >
        >
        > Hi Folks,
        >
        > I have a doubt in recovering deleted files in linux machine. I did some
        > research and realized that the existing solutions are slightly incompatible
        > to my scenario.
        >
        > Scenario :
        > A linux server running 24x7; admin dont want to shut down the machine and
        > then go for imaging, then typical ext3/4 file recovery methods.
        >
        > I found the following method can be possible, but I'm not sure a better
        > method is already available. If yes, requesting you to guide me in updating
        > my knowledge base.
        >
        > My procedure :
        > 1. take the image of the partition over the network; piping and pushing the
        > resultant image to a Netcat listening port.
        > 2. load the image in loopback device,
        > 3. use undelete or other file recovery commands to recover the file.
        >
        > Any better suggestion would be appreciable.
        >
        > --
        > SANTHO
        > twitter : @s4n70 https://twitter.com/s4n7h0>
        >
        > http://devilslab.wordpress.com/>
        >
        > [Non-text portions of this message have been removed]
        >
        > _
        >


        --
        Regards,



        Ahmad Zam Zami
        ---------------------------------


        [Non-text portions of this message have been removed]
      Your message has been successfully submitted and would be delivered to recipients shortly.