Visit Our UNIX and Linux User Community


Filesystems: Hiding and recovering data

 
Thread Tools Search this Thread
Special Forums News, Links, Events and Announcements Filesystems: Hiding and recovering data
# 1  
Old 03-15-2002
Filesystems: Hiding and recovering data

Here is a very interesting article on not only hiding data on filesystems (the article deals mainly with the ext2 filesystem, which should also work with etx3), but also recovering, including from slack space on raw blocks, and even deleted data!

http://www.linuxsecurity.com/feature...forensics.html

It links to the Coroners Toolkit (as has been posted here several times), along with a few other tools I've never seen before. One of them can be found here:
http://recover.sourceforge.net/

Here's possibly even a better solution for ext2 filesystems:
http://e2undel.sourceforge.net/

Here's another link from the Links page - old, and possibly outdated, but a good description of why you may be able to retreive a file, or at least part of it:
http://www.ccl.net/cca/software/UNIX...m/README.shtml

Not too long, and a very interesting read!

Last edited by LivinFree; 03-15-2002 at 04:34 AM..

Previous Thread | Next Thread
Test Your Knowledge in Computers #777
Difficulty: Easy
The Fourier transform can be formally defined as an improper Riemann integral.
True or False?

10 More Discussions You Might Find Interesting

1. Solaris

Recovering DATA from sparc classic

I have a Sun sparc classic that I am trying to recover data off. The main CPU part just clicks or beeps when powered up, but does not come on (nothing on screen, and LED in front not lighting up). There is also an external SCSI drive, and I have verified there is a drive inside the CPU. ... (8 Replies)
Discussion started by: mackconsult
8 Replies

2. Linux

Recovering corrupted LVM data: No readable superblocks

Hi all. Not sure where to post this, so figured I'd start here. I have a LVM2 partition that has become unreadable. I've scoured dozens of threads about the topic and have hit a wall, so any advice is appreciated. Below is what I think shows what my major problem is: First, a simple mount... (3 Replies)
Discussion started by: dargason
3 Replies

3. UNIX for Advanced & Expert Users

recovering a deleted directory

I accidentally deleted a very important directory today with this rm -r. What would be the recommended way to recover my directory? After a lot of googleing I have seen these choices. Could I get some recommendations please? Testdisk Photorec- Doesn't recover file name like I would like. ... (10 Replies)
Discussion started by: cokedude
10 Replies

4. UNIX for Dummies Questions & Answers

Flash drive recovering data.

I have a flash drive which contained very important docs. But somebidy accidently dleted those files. I want to recover these files anyhow. I have listened the Linux have best possible chances of recovering it. Can anybody tell me how to recover that? (1 Reply)
Discussion started by: nixhead
1 Replies

5. High Performance Computing

MPI, recovering node

Hi all, I'm writing an MPI application, in which I handle failures and recover them. In order to do that, in case of one node failure, I would like to remove that node from the MPI_COMM_WORLD group and continue with the remaining nodes. Does anybody know how I can do that? I'm using... (5 Replies)
Discussion started by: SaTYR
5 Replies

6. SCO

Recovering 5.0.7 from Bootable CD

I've been working with SCO Unix for several years now but have never had to restore a system from a bare drive. I have a bootable CD that contains what appears to be the correct files necessary to recover the boot and root filesystems. I've got the BIOS setup such that the CD is the first... (12 Replies)
Discussion started by: teamhog
12 Replies

7. UNIX for Dummies Questions & Answers

Help recovering a backed up file

Hello, By accident I erased a file at work and I need to restore it from a backup tape. My manager says I will have to use the mt command with the fsf option to look through the tape but I am confuzed. I did a restore -t to get a listing of the tape. This is taking a long time. If I sound... (1 Reply)
Discussion started by: mojoman
1 Replies

8. UNIX for Dummies Questions & Answers

Recovering lost folders/files data

Hello, Is there a way to recover data from a SCO UNIXWARE 7.4 operating system without using a tape backup device? We believe there is some data in some directories that was there once; but not anymore, we don't have a backup on tape. So, is there any other solution to recover? Hope... (0 Replies)
Discussion started by: Yorgy
0 Replies

9. UNIX for Dummies Questions & Answers

recovering files removed with rm

Hello, I was reading the manual on rm and it states that when you use 'rm' the files are usual recoverable, how is this done? Does it assume that a backup system is in place? Cheers Jack (4 Replies)
Discussion started by: jack1981
4 Replies

10. SCO

HELP! Recovering system from New Orleans!!

I am helping a company recover a system that is SCO OS 5.0.5 - they have their backup media, cd copies of SCO, but they do not have their license keys to install and SCO is being difficult in validating their license. Does anyone have an install license key for 5.0.5 that they would be willing... (1 Reply)
Discussion started by: ggraham
1 Replies
CVTBATCH(8)						      System Manager's Manual						       CVTBATCH(8)

NAME
cvtbatch - convert Usenet batch file to INN format SYNOPSIS
cvtbatch [ -w items ] DESCRIPTION
Cvtbatch reads standard input as a series of lines, converts each line, and writes it to standard output. It is used to convert simple batchfiles that contain just the article name to INN batchfiles that contain additional information about each article. Each line is taken as the pathname to a Usenet article. If it is not an absolute pathname, it is taken relative to the spool directory, /var/spool/news. (Only the first word of each line is parsed; anything following whitespace is ignored.) OPTIONS
-w The ``-w'' flag specifies how each output line should be written. The items for this flag should be chosen from the ``W'' flag items as specified in newsfeeds(5). They may be chosen from the following set: b Size of article in bytes f full pathname of article m article message-id n relative pathname of article If the input file consists of a series of Message-ID's, then use grephistory(1) with the ``-s'' flag piped into cvtbatch. HISTORY
Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews. This is revision 1.4, dated 1996/10/29. SEE ALSO
grephistory(1) newsfeeds(5). CVTBATCH(8)

Featured Tech Videos