Data recovery tools for GNU/Linux


  • bocke
  • Forum moderator
  • Chief moderator of the Linux forum
  • Big Penguin
  • Guru
  • Joined: 16 Dec 2005
  • Posts: 12486
  • Location: South Pole

A while back I was looking for tools that could be used for data recovery under Linux. Here is a list of sorts that I put together (all are under the GPL or an open-source license, but most are for ext2):

LDE - The Linux Disk Editor
http://lde.sourceforge.net/

Quote: lde is a disk editor for linux, originally written to help recover deleted files. It has a simple ncurses interface that resembles an old version of Norton Disk Edit for DOS. lde is 100 percent free under the Gnu public license.

And instructions for recovering deleted files:
http://lde.sourceforge.net/UNERASE.txt

e2undel
http://e2undel.sourceforge.net/

Quote: e2undel is an interactive console tool that recovers the data of deleted files on an ext2 file system under Linux. Included is a library that allows to recover deleted files by name. It does not require any knowledge about the secrets of the ext2 file system and should be useable by everyone. Read the installation and usage notes. If you are interested in learning how e2undel does its job, read here.

e2undel does not manipulate internal ext2 structures and requires only read access to the file system where the files to recover are located. It accesses the ext2 file system by way of Ted Ts'o's ext2fs library; so I think it is safe to use.

The e2undel package contains a library that allows you to recover deleted files by their names. Usually, when a file is deleted, its name is lost; after installing this library, the names of deleted files are logged and accessible via the e2undel program.


Although ext2 is rarely used these days... But someone might need it.

Make CD-rom recovery
http://mkcdrec.sourceforge.net/

Quote: mkCDrec makes a bootable (El Torito) disaster recovery image (CDrec.iso), including backups of the linux system to the same CD-ROM (or CD-RW) if space permits, or to a multi-volume CD-ROM set. Otherwise, the backups can be stored on another local disk, NFS disk or (remote) tape.
After a disaster (disk crash or system intrusion) the system can be booted from the CD-ROM and one can restore the complete system as it was (at the time mkCDrec was run) with the command /etc/recovery/start-restore.sh


There is more there, so I recommend taking a look.

Data Recovery Tools
http://dr-tools.sourceforge.net/

Quote: dr-tools
There is only dr-fat in that package at this time.

* Recovers data from damaged FAT filesystems.
* Recovers tree structure with names.
* Guesses which files are clean and which are damaged.
* There is a patch below to support dd_rescue bad blocks list.
* Does only support FAT32 at this time.
* Doesn't support damages to system zone and/or file allocation table yet.
* Doesn't support in-place recovery.

dr-ext2

* Recovers files big enough to need indirect blocks from a mistakenly formatted ext2/ext3 filesystem.
* Should work to recover erased files, too, but all files with indirect blocks will be "recovered", even if you already have access to them.
* Written in one week-end, do not expect too much ;)

jpeg-recover

* JPEG parser to find JPEG streams in a flow of data.
* Proved to be useful to recover still pictures of a digital camera.
* Originally developed to get JPEGs from an archive of an unknown type.


myrescue harddisk rescue
http://myrescue.sourceforge.net/

They don't sound very reliable, but maybe it can be used?

Quote: myrescue is a program to rescue the still-readable data from a damaged harddisk. It is similar in purpose to dd_rescue, but it tries to quickly get out of damaged areas to first handle the not yet damaged part of the disk and return later.
Note:

This tool is no replacement for a professional data recovery service! If you do have the latter option, don't even think of using myrescue, as it may further damage your disk. This tool is provided only for the case that you are absolutely desperate and definitely cannot afford a professional data recovery. Or in case you know what you are doing, e.g. if you know that it is the aging of the magnetisation layer that is causing your problem.

The usual GPL disclaimer applies. Especially the NON-WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. Don't blame (or sue) me if it fails to recover or further damages your data.


Recover
http://recover.sourceforge.net/linux/recover/

Keep in mind that this is only for the ext2 file system.

Quote: Recover is a utility which automates some steps as described in the Ext2fs-Undeletion howto in order to recover a lost file.

Recover (ie. console version) is no longer under active development since bug reports have become rare (thus stable), newer and better FS's are coming up and I don't really know how recover could be improved. (suggestions are still welcome!)


And a guide to recovering files under Linux (from the same site):
http://recover.sourceforge.net/linux/

e2salvage
http://e2salvage.sourceforge.net/

Another tool for the ext2 file system...

Quote: e2salvage is a utility which tries to do in-place data recovery from damaged ext2 filesystems. Unlike e2fsck, it does not look for the data at particular places and it doesn't tend to believe the data it finds; thus it can handle much more damaged filesystem.

e2salvage tries its best to recover the directory structure of the filesystem, if this fails lost files will be linked to root.

e2salvage is still an experimental piece of software - it can do a lot of harm to your filesystem - only run it on a backup of the damaged filesystem to be safe!


safecopy
http://safecopy.sourceforge.net/

Quote: safecopy is a data recovery tool which tries to extract as much data as possible from a seekable, but problematic (i.e. damaged sectors) source - like floppy drives, harddisk partitions, CDs, ..., where other tools like dd would fail due to I/O errors.

hdrecover
http://hdrecover.sourceforge.net/

Quote: Attempts to recover a hard disk that has bad blocks on it.

WARNING: A hard disk with bad blocks on is likely to fail! If you value your data you should get a new hard disk instead of using this program!

However, if you can't afford a new hard disk, or just like being reckless with your data then this tool might just help you out!


Do you have a link/suggestion for this list as well?



  • Joined: 23 Mar 2004
  • Posts: 523

It's good to have a list of programs like this in one place.
As for recovering deleted files, I had a problem with that a long time ago. In the end I came across a text by one of the ext3 developers, who said that it is impossible to recover deleted files from an ext3 file system because of the way the ext3 journaling system works. Recovering files on ext2, on the other hand, works without problems.



  • Joined: 20 Apr 2003
  • Posts: 2416
  • Location: NS

How do things stand with reiser?

  • Emil Beli
  • Joined: 03 Jan 2005
  • Posts: 2990
  • Location: Beograd

I seriously doubt it. It's too new.
I took a brief look at its algorithm. Perfectly fast, but very complex for that reason. I think it will take time before anyone dares to write a proggy.
Maybe only reiser's team.

  • Joined: 10 Aug 2005
  • Posts: 151
  • Location: Novi Sad

Quote: Do you have a link/suggestion for this list as well?

dd_rescue?

  • bocke
  • Forum moderator
  • Chief moderator of the Linux forum
  • Big Penguin
  • Guru
  • Joined: 16 Dec 2005
  • Posts: 12486
  • Location: South Pole

The Sleuth Kit and Autopsy Browser.
http://www.sleuthkit.org/

Quote: sleuthkit.org is the official website for The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (a.k.a digital forensic tools) that run on Unix systems (such as Linux, OS X, FreeBSD, OpenBSD, and Solaris). They can be used to analyze NTFS, FAT, Ext2, Ext3, UFS1, and UFS2 file systems and several volume system types.

The Sleuth Kit (TSK) is a collection of command line tools based on The Coroner's Toolkit (TCT). Autopsy is a graphical interface to the command line tools in TSK.


The Coroner's Toolkit (TCT)
http://www.porcupine.org/forensics/tct.html

Quote: TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in. The software was presented first in a Computer Forensics Analysis class in August 1999 (handouts can be found here). Examples of using TCT can be found in our Forensic Discovery book.

Foremost
http://foremost.sourceforge.net/

Quote: Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.

Addendum: 30 May 2006 22:52

Crash Recovery Kit for Linux
http://crashrecovery.org/

Quote: Crash Recovery for Linux sounds a bit superfluous. Linux is regarded as one of today's most stable Operating Systems. In the case of some hardware failure like a broken disk it can however be handy. Of course your machine doesn't have to have linux installed to make use of the CRK kit. There are several uses and purposes for the CRK to be used. To name a few :

* recovery of a trashed LILO boot record. How many times does it happen that some person installs windows 98/95 after he/she installed linux? Well in that case windows 9X just overwrites the MBR record and linux won't be able to boot anymore.
* backup over the network in the form of tar.gz tarballs. Both FAT16, FAT32, ext2 and all filesystems which Linux supports in a read/write fashion can be taken care of. The strong part of the CRK is when a disk is replaced or repartitioning is being done. The CRK boots a complete mini linux with networking where all possible hardware which is inside the Linux kernel is available.
* Testing hardware of new intel based machines.
* Detecting versions and types of hardware. The Linux kernel holds a large database of hardware supported. Booting a linux kernel doesn't only resolve if the hardware is ok, it also shows its specs. This can be handy if one wants to check-out an old/new PC which is for sale.
* Recovery of a misconfigured or hacked Linux system. Well that can happen. /etc/fstab can be wrong or the root password is unknown etc.
* make a tape backup of a disk which can't be booted anymore.

The CRK is based on RedHat Linux. I have always used RedHat systems, that's why. When my system needed maintenance the rescue floppy image which RedHat supplies didn't fulfill my needs. That's why I created the CRK. Lately I use Mandrake. How and why the CRK was created read the short history. The CRK is licensed under the GNU Public License (GPL). See the Changelog for what's included.


Supposedly it supports NTFS as well.

  • Joined: 24 Sep 2006
  • Posts: 26

We recently had a small thread about recovering deleted data from hard disks. All tests were done with the RIP LinuX 1.9 Live CD.

Here are the concrete results:

The test was on a 64 GB ext3 file system. It held several thousand photographs, which I deleted and then immediately "froze" the hard disk (that is, took it out of the PC).

Foremost

foremost.sourceforge.net/

Foremost managed to recover some 15,000 pictures. Some of them were damaged because of fragmentation (luckily it was an ext3 fs... had it been FAT32 or NTFS, fragmentation would have eaten far more photos... always defragment your hard disks!), some had a hole of 1 block (meaning the picture is there, only the JPG header is damaged). In any case, it recovered almost all of the pictures (some 80%) that I wanted.

Photorec

cgsecurity.org/wiki/PhotoRec

Photorec refused to recover fragmented pictures. (That would probably have been much more successful had I turned on the "keep corrupted files" option.) Some of the pictures with a 1-block hole it managed to fix "on the fly". However, the total number of recovered pictures is far smaller. About 10,000 pictures in total (and only some 50% of the ones I wanted).

Scalpel

digitalforensicssolutions.com/Scalpel/

I haven't tested it. I only heard about it today, and I have already wiped that hard disk (I need it for an Arch Linux installation).

Sleuth Kit / Autopsy

sleuthkit.org/sleuthkit/
sleuthkit.org/autopsy/

Now, this would be interesting, but unfortunately I have very little experience with them.

Conclusion

So, foremost, which is primarily a forensic tool, gives far better results in this particular case.

If anyone wants to lend me some unlucky hard disk so I can try to recover their data, send me a PM. I don't guarantee anything, not even that I will have the time, but if I get to it I will gladly work on it and publish the results here. I'm primarily interested in NTFS and FAT file systems (so, Window$).
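
The header/footer carving that the Foremost description quoted above refers to, and the reason the ext3 test in the last post returned damaged pictures for fragmented files, shown as an added example that is not part of the thread and is not Foremost's or PhotoRec's code. The disk image is constructed, and the 512-byte block size and all function names are assumptions.

```python
import hashlib

SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first byte of the next marker
EOI = b"\xff\xd9"      # JPEG end-of-image marker
BLOCK = 512            # assumed block size of the constructed image


def carve_jpeg(image, max_len=1 << 20):
    """Return (offset, data) for each header..footer span, ignoring the file system."""
    found = []
    pos = image.find(SOI)
    while pos != -1:
        end = image.find(EOI, pos + len(SOI), pos + max_len)
        if end == -1:                       # header without a footer in range
            pos = image.find(SOI, pos + 1)
            continue
        found.append((pos, image[pos:end + len(EOI)]))
        pos = image.find(SOI, end + len(EOI))
    return found


def fake_jpeg(seed, blocks):
    """Constructed stand-in for a picture: real markers around filler without 0xFF."""
    size = blocks * BLOCK - len(SOI) - len(EOI)
    return SOI + bytes((seed + i) % 251 for i in range(size)) + EOI


def build_image():
    """Constructed disk image: picture a is contiguous, picture b is fragmented."""
    a, b = fake_jpeg(1, 4), fake_jpeg(7, 4)
    gap = b"\x00" * BLOCK                   # unrelated block between b's two fragments
    image = gap + a + gap + b[:2 * BLOCK] + gap + b[2 * BLOCK:] + gap
    return image, [a, b]


def report(image, originals):
    """(offset, carved length, matches an original?) for every carved span."""
    known = {hashlib.sha256(o).digest() for o in originals}
    return [(off, len(data), hashlib.sha256(data).digest() in known)
            for off, data in carve_jpeg(image)]


if __name__ == "__main__":
    for row in report(*build_image()):
        print(row)
```

The second carved span has a valid header and footer but carries one foreign block in the middle, which is the kind of damaged picture the post reports for fragmented files.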
