Loading ...
Sorry, an error occurred while loading the content.
 

RE: [linux_forensics] Linux File recovery without shutdown

Expand Messages
  • Daniel Walton
    Have you tried using the network block device to share the drives? Something I have experimented with at a small scale a long time ago. Looked useful. ...
    Message 1 of 4 , Feb 25, 2013
      Have you tried using the network block device to share the drives?
      Something I have experimented with at a small scale a long time ago.
      Looked useful.


      -----Original Message-----
      From: linux_forensics@yahoogroups.com [mailto:linux_forensics@yahoogroups.com] On Behalf Of Mark W. Jeanmougin
      Sent: Tuesday, 26 February 2013 05:19
      To: linux_forensics@yahoogroups.com
      Subject: Re: [linux_forensics] Linux File recovery without shutdown

      That should work really well. I've done stuff like that.

      If you have issues, let us know!

      MJ




      On Mon, Feb 25, 2013 at 10:07 AM, SAN THO <saminside34@...> wrote:

      > **
      >
      >
      > Hi Folks,
      >
      > I have a doubt in recovering deleted files in linux machine. I did
      > some research and realized that the existing solutions are slightly
      > incompatible to my scenario.
      >
      > Scenario :
      > A linux server running 24x7; admin dont want to shut down the machine
      > and then go for imaging, then typical ext3/4 file recovery methods.
      >
      > I found the following method can be possible, but I'm not sure a
      > better method is already available. If yes, requesting you to guide me
      > in updating my knowledge base.
      >
      > My procedure :
      > 1. take the image of the partition over the network; piping and
      > pushing the resultant image to a Netcat listening port.
      > 2. load the image in loopback device,
      > 3. use undelete or other file recovery commands to recover the file.
      >
      > Any better suggestion would be appreciable.
      >
      > --
      > SANTHO
      > twitter : @s4n70 https://twitter.com/s4n7h0>
      >
      > http://devilslab.wordpress.com/>
      >
      > [Non-text portions of this message have been removed]
      >
      >
      >


      [Non-text portions of this message have been removed]



      ------------------------------------

      Yahoo! Groups Links
    Your message has been successfully submitted and would be delivered to recipients shortly.