How to fully recover deleted files on ext3 Debian Linux partition – undelete files from ext3 filesystems with ext3grep

Monday, 7th March 2011

In order to recover fully data by mistake or on purpose deleted on Debian GNU/Linux there is a tool called ext3grep which is able to completely recover data by innodes.

Recovering the deleted files data is very easy and can be done via some livecd after installing the ext3grep tool.

In my case I used the Back Track Linux distribution to recover my data. Recovery is still in process and it appears all or at least most of my data is about to be recovered.

For the recovery procedure all necessary is an external partition in ext3 or ext3 where the recovered data from the ext3 device can be stored.

My partition was about 20GB and since I had no external hard dive to store the data to I used the sshfs to mount remotely a hard drive via the networking using the sshfs program to make the ssh mount for more see my previous post Howto mount remote server ssh filesystem using sshfs

The Backtrack livecd linux security distribution is missing the ext3grep tool thus I had to first install the tool after booting the livecd on the notebook to succeed in that it was necessary to install the e2fslibs-dev package through the command:

debian:~# apt-get install e2fslibs-dev

Further on I've downloaded the latest version of the ext3grep and untarred the archive and compiled it with the commands:

debian:~# ./configure && make && make install
Then I used the simple commands:

debian:~# cd /mnt/res
debian:~# ext3grep --restore-all /dev/sda8

to launch the recovery.
Where in the above commands /mnt/res is the mountpoint location where I wanted to have all my data recovered and the /dev/sda8 is the device from which I wanted to recover my data.

It takes a bit long until the recovery is completed and with 20 gigabytes of data about 5, 6 hours might be necessary for the data to be recovered but the main point is it recovers.

Share this on:

Download PDFDownload PDF

Tags: , , , , , , , , , ,

One Response to “How to fully recover deleted files on ext3 Debian Linux partition – undelete files from ext3 filesystems with ext3grep”

  1. Liviu Chircu says:
    Google Chrome 20.0.1132.57 Google Chrome 20.0.1132.57 GNU/Linux x64 GNU/Linux x64
    Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11

    Thanks for the quick guide! Worked miracles!

    View CommentView Comment

Leave a Reply

CommentLuv badge