How to recover deleted files in linux filesystem (a bit faster)?

Question

If I launch the following command to recover lost file on linux:

grep -a -B 150 -A 600 "class SuperCoolClass" /dev/sda10 > /tmp/SuperCoolClass.repair

Do I really need the "-a"? We need to recover from "sda10" some erased files (sabotage) and we have a bunch of them to recover and I believe removing the -a would be faster.

I believe the files to be on disk but not in binary.

thx

Answer 1

To recover a text file (only a text file) you accidently deleted / overwrote (provided you remember a phrase in that text file)

• Ensure the safety of files by unmounting the directory with

  umount /home/johndoe.

• Find which hard disk partition the folder is at, say sda3

• Switch to terminal as root.

• Run

  grep -a -A800 -B800 'search this phrase' /dev/sda3 | strings>recovery_log.txt

• This will take a while. You can go through the file recovery_log.txt using any text editor, even while the command is running.

Answer 2

The file you are working on is /dev/sda10 which grep would assume to contain binary data. In order to treat it as text (which you are looking for) you need the -a otherwise grep will just print Binary file /dev/sda10 matches

In addition since the task is IO rather than CPU bound it would not be a big performance gain in any case.

In the future it's quite easy to test something like this by yourself:

• create dummy 10Mb disk: dd if=/dev/zero of=testfs bs=1024 count=10000
• create filesystem: mkfs.ext4 testfs
• mount via loopback: mount -o loop ./testfs /mnt/test/
• copy some stuff on the dummy filesystem
• unmount: umount /mnt/test
• run grep on the test file with different options

EDIT it just occurred to me that maybe you are looking for the command '/usr/bin/strings' instead

something like:

• extract all printable strings from ruined disk: /usr/bin/strings -a /dev/sda10 > /tmp/recovery
• grep on the text only many times for different strings: grep "whatever" /tmp/recovery > /tmp/recovery.whatever