September 20th, 2001, 07:44 PM
UNIX Filesystems: Undelete?
Recently, it has come to the attention of the Vuln-Dev Security Mailing list (http://www.securityfocus.com) that there is malicious code that deletes one's home directory upon execution.
This brings up a good topic about UNIX data recovery.
Currently, I know of no method of recovering data with a utility of some sort, such as an MS-DOS style "undelete" or what have you. The ext2 file system that is used on most Linux systems does not allow for undelete. So, even if a utility was devised, it would have to be for a different file system.
I seem to remember coming across an article about how you could remap sectors of a hard drive to recreate the data structure, but that was a long time ago..
Back to my point.. If anyone has any information on UNIX file recovery, please post. This would make for good discussion, and help me out. ;-)
Jason Parker - http://www.o-negative.net
o-Negative: Information Network
September 20th, 2001, 08:20 PM
UNIX FILESYSTEMS: undelete
It is possible to recover files from ext2; it's a lot harder than from FAT though (which isn't surprising considering FAT just removes the first couple of letters from the file name!).
A paper discussing the process is here
and there's a few utilities on sourceforge like this one
November 10th, 2001, 12:03 PM
I read something about this a while back; then they were talking about creating a separate file that would temporarily hold deleted data in it... or something to that effect, as I think (but am not sure) that, like Windows (shock, horror), data is only truly deleted when it is overwritten (I am probably wrong, so correct at will).
There's no sense in being Pessimistic...it would never work anyway.
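An added example, not part of any post in this thread: on ext2, deleting a file sets the inode's deletion time and drops its link count to zero but leaves the block pointers in place, which is what the recovery discussed above relies on. The sketch below scans a raw inode table for such inodes; the 128-byte inode size, the function names and the sample table are assumptions constructed for illustration.

```python
import struct

# Leading 100 bytes of an on-disk ext2 inode (little-endian): i_mode, i_uid,
# i_size, i_atime, i_ctime, i_mtime, i_dtime, i_gid, i_links_count, i_blocks,
# i_flags, osd1, then i_block[15] (12 direct + 3 indirect block pointers).
INODE_HEAD = struct.Struct("<HHIIIIIHHIII15I")
INODE_SIZE = 128  # classic ext2 inode size (assumed for this example)


def parse_inode(raw):
    f = INODE_HEAD.unpack_from(raw)
    return {"mode": f[0], "size": f[2], "dtime": f[6], "links": f[8],
            "direct": [b for b in f[12:24] if b], "indirect": list(f[24:27])}


def find_deleted(table, first_ino=1):
    """Return (inode number, size, dtime, direct blocks) for every inode that
    was in use and then deleted: dtime set, link count zero, mode still set."""
    hits = []
    for off in range(0, len(table) - INODE_SIZE + 1, INODE_SIZE):
        ino = parse_inode(table[off:off + INODE_SIZE])
        if ino["mode"] and ino["dtime"] and ino["links"] == 0:
            hits.append((first_ino + off // INODE_SIZE, ino["size"],
                         ino["dtime"], ino["direct"]))
    return hits


def make_inode(mode, size, dtime, links, blocks):
    """Build a constructed 128-byte inode for the sample table below."""
    ptrs = list(blocks) + [0] * (15 - len(blocks))
    head = INODE_HEAD.pack(mode, 0, size, 0, 0, 0, dtime, 0, links,
                           2 * len(blocks), 0, 0, *ptrs)
    return head.ljust(INODE_SIZE, b"\0")


# Constructed sample inode table: a live file, a deleted file, an unused slot.
SAMPLE_TABLE = (
    make_inode(0o100644, 900, 0, 1, [200])
    + make_inode(0o100644, 1500, 1000944000, 0, [301, 302])
    + bytes(INODE_SIZE)
)

if __name__ == "__main__":
    for ino, size, dtime, blocks in find_deleted(SAMPLE_TABLE):
        print(f"inode {ino}: {size} bytes, deleted at {dtime}, blocks {blocks}")
```

The pointers only say where the data was: the contents survive only until those blocks are reallocated and overwritten, so a scan like this belongs on a read-only image of the partition rather than the mounted filesystem.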