Special Forums News, Links, Events and Announcements Filesystems: Hiding and recovering data Post 17439 by LivinFree on Friday 15th of March 2002 03:24:05 AM
Filesystems: Hiding and recovering data

Here is a very interesting article on not only hiding data on filesystems (the article deals mainly with the ext2 filesystem, which should also work with ext3), but also recovering, including from slack space on raw blocks, and even deleted data!

http://www.linuxsecurity.com/feature...forensics.html

It links to the Coroner's Toolkit (as has been posted here several times), along with a few other tools I've never seen before. One of them can be found here:
http://recover.sourceforge.net/

Here's possibly even a better solution for ext2 filesystems:
http://e2undel.sourceforge.net/

Here's another link from the Links page - old, and possibly outdated, but a good description of why you may be able to retrieve a file, or at least part of it:
http://www.ccl.net/cca/software/UNIX...m/README.shtml

Not too long, and a very interesting read!

Last edited by LivinFree; 03-15-2002 at 04:34 AM..
 

FILESYSTEMS(5)                Linux Programmer's Manual                FILESYSTEMS(5)

NAME
       filesystems - Linux filesystem types: minix, ext, ext2, ext3, xia, msdos, umsdos, vfat, proc, nfs, iso9660, hpfs, sysv, smb, ncpfs

DESCRIPTION
       When, as is customary, the proc filesystem is mounted on /proc, you can find in the file /proc/filesystems which filesystems your kernel currently supports. If you need a currently unsupported one, insert the corresponding module or recompile the kernel.

       In order to use a filesystem, you have to mount it, see mount(8) for the mount command, and for the available mount options.

       Below a short description of a few of the available filesystems.

       minix     is the filesystem used in the Minix operating system, the first to run under Linux. It has a number of shortcomings: a 64MB partition size limit, short filenames, a single time stamp, etc. It remains useful for floppies and RAM disks.

       ext       is an elaborate extension of the minix filesystem. It has been completely superseded by the second version of the extended filesystem (ext2) and has been removed from the kernel (in 2.1.21).

       ext2      is the high performance disk filesystem used by Linux for fixed disks as well as removable media. The second extended filesystem was designed as an extension of the extended file system (ext). ext2 offers the best performance (in terms of speed and CPU usage) of the filesystems supported under Linux.

       ext3      is a journaling version of the ext2 filesystem. It is easy to switch back and forth between ext2 and ext3. ext3 offers the most complete set of journaling options available among journaling filesystems.

       xiafs     was designed and implemented to be a stable, safe filesystem by extending the Minix filesystem code. It provides the basic most requested features without undue complexity. The xia filesystem is no longer actively developed or maintained. It was removed from the kernel in 2.1.21.

       msdos     is the filesystem used by DOS, Windows, and some OS/2 computers. msdos filenames can be no longer than 8 characters, followed by an optional period and 3 character extension.

       umsdos    is an extended DOS filesystem used by Linux. It adds capability for long filenames, UID/GID, POSIX permissions, and special files (devices, named pipes, etc.) under the DOS filesystem, without sacrificing compatibility with DOS.

       vfat      is an extended DOS filesystem used by Microsoft Windows95 and Windows NT. VFAT adds the capability to use long filenames under the MSDOS filesystem.

       proc      is a pseudo-filesystem which is used as an interface to kernel data structures rather than reading and interpreting /dev/kmem. In particular, its files do not take disk space. See proc(5).

       iso9660   is a CD-ROM filesystem type conforming to the ISO 9660 standard.

                 High Sierra
                        Linux supports High Sierra, the precursor to the ISO 9660 standard for CD-ROM filesystems. It is automatically recognized within the iso9660 filesystem support under Linux.

                 Rock Ridge
                        Linux also supports the System Use Sharing Protocol records specified by the Rock Ridge Interchange Protocol. They are used to further describe the files in the iso9660 filesystem to a UNIX host, and provide information such as long filenames, UID/GID, POSIX permissions, and devices. It is automatically recognized within the iso9660 filesystem support under Linux.

       hpfs      is the High Performance Filesystem, used in OS/2. This filesystem is read-only under Linux due to the lack of available documentation.

       sysv      is an implementation of the SystemV/Coherent filesystem for Linux. It implements all of Xenix FS, SystemV/386 FS, and Coherent FS.

       nfs       is the network filesystem used to access disks located on remote computers.

       smb       is a network filesystem that supports the SMB protocol, used by Windows for Workgroups, Windows NT, and Lan Manager. To use smb fs, you need a special mount program, which can be found in the ksmbfs package, found at ftp://sunsite.unc.edu/pub/Linux/system/Filesystems/smbfs.

       ncpfs     is a network filesystem that supports the NCP protocol, used by Novell NetWare. To use ncpfs, you need special programs, which can be found at ftp://linux01.gwdg.de/pub/ncpfs.

SEE ALSO
       proc(5), fsck(8), mkfs(8), mount(8)

                                   2001-12-07                          FILESYSTEMS(5)