Thursday, 15 November 2012

Using grep (traditional UNIX way) to recover files - Deleted by rm -rf



Use the following grep syntax:
grep -b 'search-text' /dev/partition > file.txt
OR
grep -a -B[size before] -A[size after] 'text' /dev/[your_partition] > file.txt
Where,

    -i : Ignore case distinctions in both the PATTERN and the input files, i.e. match both uppercase and lowercase characters.
    -a : Process a binary file as if it were text.
    -B : Print the given number of lines of leading context before matching lines.
    -A : Print the given number of lines of trailing context after matching lines.

To recover a text file starting with the word "nixCraft" on /dev/sda1, you can try the following command:
# grep -i -a -B10 -A100 'nixCraft' /dev/sda1 > file.txt

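Next, use vi to view file.txt. Write file.txt to a different file system than the one being searched, so the output does not overwrite the deleted data. This method is ONLY useful if the deleted file is a text file. If you are using the ext2 file system, try out the recover command.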
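The -b form above reports where the text sits on the partition. The added example below (not from the original post) uses that byte offset to copy out a fixed-size window, since line-based -B/-A context is unpredictable on binary data. It assumes GNU grep and coreutils; a constructed image file stands in for the partition, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU grep and coreutils.
# A constructed image file stands in for /dev/[your_partition]; on a real
# system, search an unmounted or read-only partition and write the output
# to a different file system.

# Build a constructed sample "partition": zero padding around a text file.
make_sample_image() {   # $1 = image path
    head -c 4096 /dev/zero > "$1"
    printf 'nixCraft notes\nline two of the lost file\nline three\n' >> "$1"
    head -c 4096 /dev/zero >> "$1"
}

# Byte offset of the first match. -a: treat binary as text, -b: print byte
# offset, -o: offset of the match itself rather than of its line,
# -F: fixed string, -m 1: stop after the first matching line.
# LC_ALL=C avoids multibyte decoding of raw data.
first_offset() {        # $1 = search text, $2 = image or device
    LC_ALL=C grep -a -b -o -F -m 1 -- "$1" "$2" | head -n 1 | cut -d: -f1
}

# Copy out bytes [offset - before, offset + after) from the image.
carve() {               # $1 = image, $2 = offset, $3 = before, $4 = after
    start=$(( $2 > $3 ? $2 - $3 : 0 ))
    len=$(( $2 - start + $4 ))
    tail -c +"$(( start + 1 ))" "$1" | head -c "$len"
}

# Demo on the constructed image: locate the text, then carve around it.
img=$(mktemp)
make_sample_image "$img"
off=$(first_offset 'nixCraft' "$img")
echo "match at byte offset $off"
carve "$img" "$off" 16 64 | tr -d '\000'
rm -f "$img"
```

The tr step only strips the NUL padding of the sample image; on a real partition, review the carved window in an editor as with file.txt.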
