Message-ID: <87f94c370904281055s630e55adsba1e4968f782a822@mail.gmail.com>
Date:	Tue, 28 Apr 2009 13:55:07 -0400
From:	Greg Freemyer <greg.freemyer@...il.com>
To:	"Michael B. Trausch" <mbt@...t.trausch.us>
Cc:	Theodore Tso <tytso@....edu>, linux-ext4@...r.kernel.org,
	mike-mobile@...usch.us
Subject: Re: ext4 undeletion question

On Tue, Apr 28, 2009 at 1:26 PM, Michael B. Trausch <mbt@...t.trausch.us> wrote:
> On Tue, 28 Apr 2009 12:11:06 -0400
> Theodore Tso <tytso@....edu> wrote:
>> There is the program "ext3grep" which will look for older versions of
>> the directory and inode table blocks in the journal.  This can work,
>> but unfortunately I don't think it's been extended to understand about
>> the ext4 extent data structure.
>
> Eh.  Thanks for the mention... gave it a shot, but it seems to fail
> nearly immediately:
>
> Tuesday, 2009-Apr-28 at 13:21:41 - mbt@...t - Linux v2.6.29.1
> Ubuntu Jaunty:[0-9/10014-0]:undel> sudo ext3grep --restore-all /dev/zestvg/home-retain-undelete
> Running ext3grep version 0.10.1
> WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
> ext3grep: ext3grep.cc:119: void run_program(): Assertion `be2le(journal_super_block.s_header.h_magic) == 0xc03b3998U' failed.
> zsh: abort      sudo ext3grep --restore-all /dev/zestvg/home-retain-undelete
>
> I guess that means it won't work on an ext4 fs.  :-)
>
> I did create a snapshot of it using LVM (durr, I didn't think of that
> before) so the FS is preserved as it was... I just don't know how to go
> about digging through it to get the directory that I deleted out.
> Hopefully I can figure that out before terribly long, as I am stuck
> until I do...
>
>        --- Mike

Mike,

WinHex is a commercial product for doing undeletes that supports
Ext2/3, ReiserFS, Reiser4, and UFS.  You need the Specialist version
to handle ext3.  It might handle ext4.

If not, and assuming you have a very ext3-like on-disk structure, you
might be able to force it to work anyway.

http://www.x-ways.com/winhex/index-m.html

You can try out the demo and see if it works.  I don't
know what the limitations of the demo version are.

Also, the support forum is run by one of the main coders (Stefan) of
the software, so he is extremely knowledgeable.   I think he also owns
part of the company, but I'm not sure about that.

Given that ext4 is the coming thing, he is likely to be willing to
work with you to extend his product at least as far as needed to
support you.  Notice he has Reiser4 support which shows he keeps the
software pretty leading edge.

Greg
-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com