Re: ext4 undeletion question

[Greg Freemyer <greg.freemyer@gmail.com>]

On Tue, Apr 28, 2009 at 1:26 PM, Michael B. Trausch <mbt@zest.trausch.us> wrote:
> On Tue, 28 Apr 2009 12:11:06 -0400
> Theodore Tso <tytso@mit.edu> wrote:
>> There is the program "ext3grep" which will look for older versions of
>> the directory and inode table blocks in the journal.  This can work,
>> but unfortunately I don't think it's been extended to understand about
>> the ext4 extent data structure.
>
> Eh.  Thanks for the mention... gave it a shot, but it seems to fail
> nearly immediately:
>
> Tuesday, 2009-Apr-28 at 13:21:41 - mbt@zest - Linux v2.6.29.1
> Ubuntu Jaunty:[0-9/10014-0]:undel> sudo ext3grep --restore-all /dev/zestvg/home-retain-undelete
> Running ext3grep version 0.10.1
> WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
> ext3grep: ext3grep.cc:119: void run_program(): Assertion `be2le(journal_super_block.s_header.h_magic) == 0xc03b3998U' failed.
> zsh: abort      sudo ext3grep --restore-all /dev/zestvg/home-retain-undelete
>
> I guess that means it won't work on an ext4 fs.  :-)
>
> I did create a snapshot of it using LVM (durr, I didn't think of that
> before) so the FS is preserved as it was... I just don't know how to go
> about digging through it to get the directory that I deleted out.
> Hopefully I can figure that out before terribly long, as I am stuck
> until I do...
>
>        --- Mike

Mike,

WinHex is a commercial product for doing undeletes that supports
Ext2/3, ReiserFS, Reiser4, and UFS.  You need the Specialist version
to handle ext3.  It might handle ext4.

If not and assuming you have a very ext3 like on disk structure, you
might be able to force it to work anyway.

http://www.x-ways.com/winhex/index-m.html

You can try out the demo and see if you can see if it works.  I don't
know what the limitations of the demo version are.

Also, the support forum is run by one of the main coders (Stefan) of
the software, so he is extremely knowledgeable.   I think he also owns
part of the company, but I'm not sure about that.

Given that ext4 is the coming thing, he is likely to be willing to
work with you to extend his product at least as far as needed to
support you.  Notice he has Reiser4 support which shows he keeps the
software pretty leading edge.

Greg
-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html