Have you ever experienced that all the data on your hard disk disappears during the busy season at the end of the year? It makes me very sad to give advice as a senior.
Therefore, I recovered the data with the enthusiasm mentioned in the headline, so I will leave it as a memorandum.
First of all, the situation.
First, run rm -rf *.
The starting line is after confirming that all the target source code and files have disappeared.
From this situation, you will generally take the following method.
--Hurry up and shut down the machine you've done
--Create a Linux live USB on another PC
--Boot the machine you've done on Linux live USB
--Check with fdisk -l to see the disk of themachinethat you've done from the live OS
--After that, recover the files by making full use of TestDisk, ʻext4magic, foremost, ʻextundelete.
Normally, most files will be recovered up to this point. However, even in this case, recovery may be refused stubbornly.
Here is a summary of the current conditions.
--File cannot be recovered with TestDisk, ʻext4magic, foremost, ʻextundelete
--The disk itself is not physically damaged
--Hardware Raid 1 + 0
--ext4 file system
--Since it shut down immediately after the problem occurred, it seems that the file remains logically just because the inode is cut off.
--Rejected by data recovery company
Finally, when I asked a data recovery company, if I could not recover with TestDisk, ʻext4magic, foremost, ʻextundelete, I was told that it was impossible because I had done a lot.
When I negotiated the price, I was told that it would start from at least 1 million yen.
First, let's assume that the target file is in a sea of information on disk, not physically dead, but just deindexed. So, first of all, dump the RAID is complicated and make it into one file. Next, I would like to recover the files.
dump Dump below.
#Check the target disk
$ sudo fdisk -l
> sda1
#Dump
$ dd if=/dev/sda1 of=./dump.img bs=512M
Now you have one file.
This time, I mainly want to restore the source code. And the source code is probably somewhere in this dump file.
recover There is about 1 tera of dump files, and I have no idea where and what data is. So, imagine a part of the source code and try to pull where the binary code for some text is. Yes, use Grep.
grep -i -a -B[size before] -A[size after] 'SEARCH_TEXT' DEVICE > OUTPUT_PATH
-i is not case sensitive (case insensitive)
-a is a binary search
For example, python would be written as #! / Usr / bin / python.
In that case, use it like this.
grep -i -a -B10 -A1000 '#!/usr/bin/python' /dev/sda1 > ./backup.txt
As a result of steadily following the source code, I was able to partially recover. If it is an image, you can search the header of the image in the same way.
By the way, if you search with \ r-> ^ M, you can get most of the text.
Although the data is partially caught, it is the work of hell to mold this partial data into one file.
First of all, if you can't recover even a piece by this method, you should give up. Only do not erase the data. </ b>
Recommended Posts