What is the method of data recovery in linux system
Tools: hexedit, fdisk
The following operations are all completed in the root environment.
hexedit:
On Linux, hexedit is often used to modify the hexadecimal code of the program. Fdisk will not be introduced here.
Now let’s go into the world of disks and see what the disks do to the data.
First, use root privileges in the terminal to run the following command:
Command: fdisk -l
/dev/sdb1 It is today's protagonist. From the picture, you can clearly see some relevant data, such as disk size, sector, I/O size, etc.
The disk format is ext4, not the vfat32 and NTFS formats on MS. Paste a picture of FAT32 at the end of the article.
Step***:
Run fdisk and use expert mode to back up the Partition table.
The partition table of ext4 is very simple. Generally, the backup partition table is ext4.img. Backups are done to avoid data corruption during recovery.
Second step:
First execute the cut command operation on target sdb1, and move the files on sdb1 to the computer hard disk. After the execution is completed, use hexedit to open sdb1.
Cut file name: usb.png
Command: hexedit -s /dev/sdb1
You can see it in the picture Looking at the file name and the sector in which it is located, did you find that the device of the picture is sdc1? Due to the automatic mounting of the disk, the dev has changed, and the data will not change with the change of the dev of the disk. The file name has been found here. Next, we need to find the file header.
How to find the file header? You can use hexedit to perform hex search. If you want ASCII, you can press TAB to switch to the ASCII area.
#The size of the file determines the number of sectors occupied by the file on the disk, 1 sector==512 bytes. In the figure, the file header offset and sector are shown.
Extract the hex value and write it to the file.
Restored picture:
It looks very simple, it is just a single file cutting operation and data recovery. Here is a reminder: the data saved on the disk cannot be recovered after being deleted, but the data that has been cut can also be recovered.
Let’s take a look at how to operate after deleting data from the disk?
Execute the delete command on the disk to delete a file named 1.gif. The operation is as follows:
#The picture shows the changes from the file header to the file end sector, header sector: 264056, end sector: 264057, file size is 1K, the picture is very small.
Create a new file, and then perform the delete operation to see the disk data changes.
File header sector: 264056, end sector: 264061, the first time to delete The file header sector: 264056, end sector: 264057, this way you can see that the first deleted data is overwritten, while the second deleted data is retained.
This operation is to perform data recovery on a single file on the disk and demonstrate the data changes in the disk. Next let's take a look at the operation of double files.
There are two different types of files on the disk.
File name: partition.zip
File name: cab.ico
Header secotor of *** file: 264056, end sector: 264058
The second file header sector: 264064, end sector: 264076. It is found that the end sector of the first file and the header sector of the second file differ by multiple sectors, so what is the difference in the middle?
You can see the middle All differences are filled with 00. Here we summarize the practical operation on Linux:
ext4 file system
Execute cut and paste
file name: usb.png sector 67120
file header: sector 264064 file end: sector 264076
Execute deletion
file name: 1.gif sector 67112 (overwrite)
file header: start: sector 264056 end: sector 264057 (overwrite)
file name: 56.jpg sector 67112
file header:start: sector 264056 end: sector 264061
When a single file is used, execute When deleting, the last deleted data will be overwritten.
Save file
(1) file name: partition.zip sector 67112
file header: start sector 264056 end sector 264058
(2) file name: cab.ico sector 67112
file header: start sector 264064 end sector: 264068
Cut area: sector 264064
Delete area: sector 264056
Storage area: Coexists with the deleted area
Storage area: When a single file is used, the stored file overwrites the deleted area data.
Data recovery: When multiple files are deleted, the deleted data hex is retained in the deleted area. If new file data is created, the deleted data hex will be overwritten.
Attachment:
FAT32 disk format diagram:
##The above is the detailed content of What is the method of data recovery in linux system. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
How to use docker desktop
Apr 15, 2025 am 11:45 AM
How to use Docker Desktop? Docker Desktop is a tool for running Docker containers on local machines. The steps to use include: 1. Install Docker Desktop; 2. Start Docker Desktop; 3. Create Docker image (using Dockerfile); 4. Build Docker image (using docker build); 5. Run Docker container (using docker run).
Difference between centos and ubuntu
Apr 14, 2025 pm 09:09 PM
The key differences between CentOS and Ubuntu are: origin (CentOS originates from Red Hat, for enterprises; Ubuntu originates from Debian, for individuals), package management (CentOS uses yum, focusing on stability; Ubuntu uses apt, for high update frequency), support cycle (CentOS provides 10 years of support, Ubuntu provides 5 years of LTS support), community support (CentOS focuses on stability, Ubuntu provides a wide range of tutorials and documents), uses (CentOS is biased towards servers, Ubuntu is suitable for servers and desktops), other differences include installation simplicity (CentOS is thin)
What to do if the docker image fails
Apr 15, 2025 am 11:21 AM
Troubleshooting steps for failed Docker image build: Check Dockerfile syntax and dependency version. Check if the build context contains the required source code and dependencies. View the build log for error details. Use the --target option to build a hierarchical phase to identify failure points. Make sure to use the latest version of Docker engine. Build the image with --t [image-name]:debug mode to debug the problem. Check disk space and make sure it is sufficient. Disable SELinux to prevent interference with the build process. Ask community platforms for help, provide Dockerfiles and build log descriptions for more specific suggestions.
How to view the docker process
Apr 15, 2025 am 11:48 AM
Docker process viewing method: 1. Docker CLI command: docker ps; 2. Systemd CLI command: systemctl status docker; 3. Docker Compose CLI command: docker-compose ps; 4. Process Explorer (Windows); 5. /proc directory (Linux).
What computer configuration is required for vscode
Apr 15, 2025 pm 09:48 PM
VS Code system requirements: Operating system: Windows 10 and above, macOS 10.12 and above, Linux distribution processor: minimum 1.6 GHz, recommended 2.0 GHz and above memory: minimum 512 MB, recommended 4 GB and above storage space: minimum 250 MB, recommended 1 GB and above other requirements: stable network connection, Xorg/Wayland (Linux)
Detailed explanation of docker principle
Apr 14, 2025 pm 11:57 PM
Docker uses Linux kernel features to provide an efficient and isolated application running environment. Its working principle is as follows: 1. The mirror is used as a read-only template, which contains everything you need to run the application; 2. The Union File System (UnionFS) stacks multiple file systems, only storing the differences, saving space and speeding up; 3. The daemon manages the mirrors and containers, and the client uses them for interaction; 4. Namespaces and cgroups implement container isolation and resource limitations; 5. Multiple network modes support container interconnection. Only by understanding these core concepts can you better utilize Docker.
What is vscode What is vscode for?
Apr 15, 2025 pm 06:45 PM
VS Code is the full name Visual Studio Code, which is a free and open source cross-platform code editor and development environment developed by Microsoft. It supports a wide range of programming languages and provides syntax highlighting, code automatic completion, code snippets and smart prompts to improve development efficiency. Through a rich extension ecosystem, users can add extensions to specific needs and languages, such as debuggers, code formatting tools, and Git integrations. VS Code also includes an intuitive debugger that helps quickly find and resolve bugs in your code.
How to switch Chinese mode with vscode
Apr 15, 2025 pm 11:39 PM
VS Code To switch Chinese mode: Open the settings interface (Windows/Linux: Ctrl, macOS: Cmd,) Search for "Editor: Language" settings Select "Chinese" in the drop-down menu Save settings and restart VS Code
