Filesystems: Hiding and recovering data

 
Posted 03-15-2002

Here is a very interesting article on not only hiding data on filesystems (the article deals mainly with the ext2 filesystem, which should also work with ext3), but also recovering, including from slack space on raw blocks, and even deleted data!

http://www.linuxsecurity.com/feature...forensics.html

It links to the Coroner's Toolkit (as has been posted here several times), along with a few other tools I've never seen before. One of them can be found here:
http://recover.sourceforge.net/

Here's possibly even a better solution for ext2 filesystems:
http://e2undel.sourceforge.net/

Here's another link from the Links page - old, and possibly outdated, but a good description of why you may be able to retrieve a file, or at least part of it:
http://www.ccl.net/cca/software/UNIX...m/README.shtml

Not too long, and a very interesting read!

Last edited by LivinFree; 03-15-2002 at 04:34 AM..