JP Vossen on 14 Feb 2008 16:33:16 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] "unerase" for linux ext3?

 > Date: Thu, 14 Feb 2008 17:15:41 -0500
 > From: Eric <>
 > Subject: Re: [PLUG] "unerase" for linux ext3?
 > When I ran the grep command it told me that "binary file /dev/sdb2
 > matches"  :-)

Good!  So you've found *something*...

 > I need a command that finds the matching string and outputs the next
 > block of characters to a file (on another device of course.).  Hummm
 > Perl comes to mind.

Sorry, my mistake.  Add '-a' to grep to force ASCII mode.  See also -B, 
-A, -C for the before, after, or both context amount options.

Here's the thread on my oops, less than 1 year ago.  Huh, thought it was 

Grep commands (as root) I used, where my data partition on my RAID5
array is on /dev/sda2:
# grep -a -A 700 '' /dev/sda2 | strings | less
# grep -a -A 200 '# First, check the entire record verbatim' /dev/sda2 |
strings | less

Kristian Erik Hermansen wrote:

 > Check out foremost.

Nice article.  And Foremost sounds most impressive.  I've just 
prophylactically installed it on a couple of key machines, just in case.

Mark wrote:

 > See also:

That sounds like a more structured and automated version of my 
half-assed, "just grep it" solution.  Bookmarked it.

 > TCT, TSK, Autopsy (

sudo aptitude install sleuthkit autopsy
:-)  Nice.

Again, good luck to Eric,
JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|
Microsoft has single-handedly nullified Moore's Law.
Innate design flaws of Windows make a personal firewall, anti-virus
and anti-malware software mandatory. The resulting software arms race
has effectively flattened Moore's Law on hardware running Windows.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --