UNIX Filesystems: Undelete?


    Recently, it has come to the attention of the Vuln-Dev Security Mailing list that there is malicious code that deletes one's home directory upon execution.

    This brings up a good topic about UNIX data recovery.

    Currently, I know of no method of recovering data with a utility of some sort, such as an MS-DOS style "undelete" or what have you. The ext2 file system that is used on most Linux systems does not allow for undelete. So, even if a utility was devised, it would have to be for a different file system.

    I seem to remember coming across an article about how you could remap sectors of a hard drive to recreate the data structure, but that was a long time ago..

    Back to my point.. If anyone has any information on UNIX file recovery, please post. This would make for good discussion, and help me out. ;-)
    UNIX FILESYSTEMS: undelete

    Good topic,
    It is possible to recover files from ext2; it's a lot harder than from FAT though (which isn't surprising considering FAT just removes the first couple of letters from the file name!)

    A paper discussing the process is here

    and there's a few utilities on sourceforge like this one


    I read something about this a while back; then they were talking about creating a separate file that would temporarily hold deleted data in it... or something to that effect, as I think (but am not sure) that, like Windows (shock, horror), data is only truly deleted when it is overwritten (I am probably wrong, so correct at will).
