Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: UNIX files timestamping - Need experts opinion as testimonial
Special Forums Cybersecurity UNIX files timestamping - Need experts opinion as testimonial Post 302896141 by Perderabo on Friday 4th of April 2014 03:00:51 PM
Old 04-04-2014
Understand that many different Unix filesystems exist. We don't know which one you are using. But in general...

"Since all files (File1 to File20) are supposed to have been present in the same directory (DIR) is it possible to succeed in identifying access and deletion timestamp of only a subset?"

Yes it it quite possible. Deleting a file frees an inode. The inode continues to have some useful info in it... until it happens to be re-used.


"Also File1 to File14 are assumed to be created and deleted earliest than File15 to File20 (fwe month to several years for some files)"

I don't know why you assume that. Files can be deleted wheneve the owner wants. No need to delete in the sequence they were created. Even if you have some rule in place and follow it closely... perhaps the bad guy who broke in did not follow your rule.


If you want to verify your experts opinions, hire a second set of experts to examine the same system. Do not tell the second set what the first set said.
 

10 More Discussions You Might Find Interesting

1. UNIX Desktop Questions & Answers

Need your help and opinion

Hey all, I'm brand new to Unix/Linux and have a couple of questions. I own a small education/consulting company that has a staff of approx. 50 employees. Most our work is geared towards the office-style environment (i.e. Word, Excel, Powerpoint, etc.). There are also some C and Java programmers... (4 Replies)
Discussion started by: dennie1
4 Replies

2. Solaris

Your Opinion requested

Ladies/Gentlemen, I am looking for a web-based tool to keep track of my Sun inventory. The following list of fields are fields I would like to store: Root Passwd (needs to be secure) / Hostid / Console Port / IP Address / Platform / Application / Hostname . . . you get the point. Do any of... (4 Replies)
Discussion started by: pc9456
4 Replies

3. Post Here to Contact Site Administrators and Moderators

Opinion

Hi, I am new at this site and at unix. I was reading some answers that the administrators and moderators have posted to others, and sometimes I feel like their a little sarcastic. I am asking just to be patient to me, I know nothing about unix but I do want to learn, and I think that positive... (7 Replies)
Discussion started by: HN19
7 Replies

4. What is on Your Mind?

I Am Calling All Unix Experts Young Mind In Need

My name is Courtney Robinson, and I am just a young man trying to figure out were he wants his life to head. I am currently in school for Computer Science and have once class left and jsut figured out I hate programming. However I am in love with Storage (SAN), UNIX, LINUX. I want to learn more.... (10 Replies)
Discussion started by: Courtney3216
10 Replies

5. Shell Programming and Scripting

forums to hire unix experts

Please recommend forums where I could look for unix expert candidates. (3 Replies)
Discussion started by: itmgr
3 Replies

6. UNIX for Dummies Questions & Answers

Unix Experts Answer this INterview Questions please

1, why Boot server should be in a network in jumpstart? 2, what is the different between patch and package? 3, how to list the avilable NIC in solaris9? 4, User complaing system is slow (solaris) what are the steps to check? 5, what is hardware error and software error and Transport Error? in... (5 Replies)
Discussion started by: suresh_krish
5 Replies

7. UNIX for Advanced & Expert Users

Expert Opinion

This perhaps does not belong in ths category; apologies, however, we have a heated debate going and your input will decide the result. Should UNIX (HP, AIX, etc) be rebooted following a monthly cycle (Every month, or a qtr, etc.). We have some UX admins (grumps) who say they have seen a UX... (6 Replies)
Discussion started by: rsheikh
6 Replies

8. Shell Programming and Scripting

NEED HELP FROM SHELL EXPERTS ASAP ..Compare of two files

I have seen the old forums before posting this thread...I did not find the designated answer for my shell script... I am novice in shell programming: Can some one help on how i can loop with in the loop when comparing two files... I need to compare ID in File1 with IDs in File2...If the ID... (1 Reply)
Discussion started by: rspotula
1 Replies

9. Shell Programming and Scripting

File timestamping issue

Hello, I am working on moving a data file to archive dir from the processing directory using the following lines in my FTP script. Sometimes the mv command does not work as the timestamp is is changed by seconds as the current date in the following code is changed. I have tried to use... (6 Replies)
Discussion started by: vidyab35
6 Replies

10. What is on Your Mind?

Something in my mind - what's your opinion ?

Dear Forum staff / Advisors / members , I am having something in my mind, about Linux / Unix possible Interview questions collections, I guess if I post them here,which might be useful for our members and for students, and in meantime we can discuss also about those questions, what's your... (4 Replies)
Discussion started by: Akshay Hegde
4 Replies

LEARN ABOUT DEBIAN

extundelete

EXTUNDELETE(1)						      General Commands Manual						    EXTUNDELETE(1)

NAME

       extundelete - utility to undelete files from an ext3 or ext4 partition.

SYNOPSIS

       extundelete [options] device-file...

DESCRIPTION

       extundelete is a utility that can recover deleted files from an ext3 or ext4 partition
       extundelete uses the information stored in the partition's journal to attempt to recover a file that has been deleted from the partition.
       There  is  no  guarantee  that any particular file will be able to be undeleted, so always try to have a good backup system in place, or at
       least put one in place after recovering your files!

OPTIONS

       --version
	      Prints the version number of extundelete.

       --help Print a brief usage summary for extundelete.

       Partition name
	      Name of the partition that has deleted files, such as /dev/sda3.
	      Could also be the file name of a copy of the partition, such as that made with dd.

       --superblock
	      Prints information about the filesystem from the superblock.

       --journal --superblock
	      Prints information about the journal from the journal's superblock.

       --inode #
	      Prints the information from the inode number of the filesystem given, such as "--inode 2".

       --block #
	      Prints the contents of the block, called as "--block 9652".

       --restore-file path/to/deleted/file
	      Attempts to restore the file which was deleted at the given filename, called as "--restore-file dirname/filename".

       --restore-inode #
	      Used to restore inodes by number, called as "--restore-inode 2569".
	      Also accepts a list of inodes separated by only commas, such as "--restore-inode 2569,5692,6925".

       --restore-files filename
	      Restores a list of files. First, construct a list of files in the same style as would be
	      used in the --restore-file option, and save it to the file "filename".
	      Then, this option may be used to attempt to restore those files with a single call to extundelete.
	      This form also reduces redundancy from multiple calls parsing the journal multiple times.

       --output-dir path/to/dump/recovered/files
	      Restores files in the output dir 'path'.
	      By default the restored files are created under current directory 'RECOVERED_FILES'

       --restore-all
	      Restores all files possible to undelete to their names before deletion, when possible.  Other files are restored to a filename  like
	      "file.NNNN".

       --restore-directory path/of/directory
	      Restores all files possible to link to specified directory to their names before deletion, when possible.

       -j journal_dev
	      Specifies the device that is the external journal of the file system.

       -b block_number
	      Specifies the block number of the backup superblock to be used when opening the file system.

       -B block_size
	      Specifies the block size of the partition to be used when opening the file system.

       --before date
	      Only  restore  files  deleted  before the date specified, which should be in the form of the number of seconds since the UNIX epoch.
	      Use a shell command like
	      $ date -d "Aug 1 9:02" +%s
	      to convert a human-readable date to the proper format. The conversion from the number of seconds to a readable format may  be  found
	      by using either of the following:
	      $ date -d@1234567890
	      $ perl -le "print scalar localtime 1234567890"

       --after date
	      Only restore files deleted after the date specified, which should be in the form of the number of seconds since the UNIX epoch.
	      See the notes for the --before option for more information.

AUTHOR

       extundelete was written by Nic Case <number9652@users.sourceforge.net> Copyright (C) 2009, 2010

       This manual page was written by Elias Alejandro Ano Mendoza <ealmdz@gmail.com>, for the Debian project (and may be used by others).

								September 29, 2010						    EXTUNDELETE(1)
All times are GMT -4. The time now is 05:10 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy