Undelete with grep


Earlier this afternoon, I did something really really really really really^(infinity) careless and stupid.
I was working on a bash script containing various commands to automate some things that had taken me days and days to learn and get my head round. The script was outputting its results in a directory, which i was continuously deleting, as I repeatedly (re)ran the script to debug and improve stuff.

Cue moment of complete madness:
instead of typing rm -rf [output_dir]
i typed rm -rf [script_filename]

…and then it was gone.

Quick… backups…
Oh… I forgot to back it up or take a copy before I started editing in improvements didn’t I

big sigh…. this is unix… no easy undelete available (at least not that I know of)
now what… ? This would take me days and days to reproduce.

some frantic googling later… this linuxforums thread came to the rescue!

Now I didn’t actually unmount the partition because I had an active session with lots of other stuff i needed not the best idea… always unmount while doing this

– STOP everything and DO NOT edit anything more (to prevent the diskspace being overwritten)
– Unmount the partition
– run the following command:
grep --binary-files=text -500 «search_string» /dev/sda4 > output.txt

– 500 is how many lines before and after the seatch_string to display
– search_string is a string contained in the file to be recovered
– /dev/sda4 is the partition from which the file was deleted

This reads through the whole partition, prints the number of lines before/after the string pattern into the file output.txt

Then you can search through the output.txt file and hopefully find a block of text that corresponds to the content of the file…. ready for copying/pasting/saving into a new file and immediate backing up onto every partition on the machine…. onto every USB memory stick you can find lying around your desk and in your pockets…. via ssh to every remote machine you own or have an account on… … … etc.

There are also various tools available like magicrescue (on Ubuntu sudo apt-get install magicrescue), but in this instance it didnt work for me – probably coz I didn’t create the recipe file correctly or didn’t know how to run it properly.

But good old grep was enough.


One Response to “Undelete with grep”

  1. Gertie Says:

    If you can, reveal a few “tricks of the trade” to help them
    make best use of what you sell. Do you sometimes wonder about switching too or from an accounting software package.

    Even if you aren’t on the preferred suppliers list, if you
    can offer some flexibility and meet the corporates needs you can overcome

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: