UNIX Filesystems: Undelete?

Recently, is has come to the attention of the Vuln-Dev Security Mailing list, (http://www.securityfocus.com) that there is malicious code that deletes one's home directory upon execution.

This brings up a good topic about UNIX data recovery.

Currently, I know of no method of recovering data with a utility of some sort. Such as an MS-DOS style "undelete" or what have you. The ext2 file system that is used on most Linux systems does not allow for undelete. So, even if a utility was devised it would have to be for a different file system.

I seem to remember coming across an article about how you could remap sectors of a hard drive to recreate the data structure, but that wa s a long time ago..

Back to my point.. If anyone has any information on UNIX file recovery, please post. This would make for good discussion, and help me out. ;-)

Good topic,
It is possible to recover files from ext2, its a lot harder than from fat though (which isn't surprising considering fat just removes the first couple of letters from the file name!)

A paper discussing the process is here

and there's a few utilities on sourceforge like this one

Pete

I read something about this a while back, then they were talking about creating a separate file that would temporarily hold deleted data in it.....or something to that effect as i think ( but am not sure) that like windows (shock, horror :D ) data is only truly deleted when it is over written ( i am probably wrong so correct at will).