On Wed, Feb 25, 2009 at 10:50 AM, Hal Pomeranz <[email protected]> wrote:
> > Thanks. I have foremost installed. My problem is that I'm not > > certain of all the file types in the directory. If I recall > > correctly they were mostly perl scripts. I had read somewhere that I > > could just tell foremost to grab ASCII files which would include > > said perl scripts. > > Meh. Foremost is not generally good at ASCII text files. You might > try "-t cpp" which grabs C source code. I suspect Perl is close enough > that you'll get some hits. > Hopefully. It's not the end of the world but I'd like to get them back. > > Otherwise you may be stuck with using tools like dls from the Sleuthkit > (sleuthkit.org) to suck the free blocks out of the image and then grep > around for strings of interest (like "#!/usr/bin/perl"). Then you can > use dcat/blkcat to retrieve chunks of your files. I warn you that this > is going to be tedious, however. > I have Sleuthkit installed also but didn't see dsl as one of the install programs, there is fls however. > > > I have rebooted the machine with said filesystem unmounted now. I > > also have the disk image I created which is just under 100GB since I > > dd'd the partition. Would it be advisable to use foremost on the > > disk image or the actual filesystem while unmounted in order to > > collect the data? > > Doesn't hurt to try both. The disk image might be corrupt because you > took it from a running file system. OTOH, the file system might have > re-used some of the data blocks between the time you took the image > and the time you got the file system unmounted. > > By the way, I also have to be a PITA and point out that you wouldn't > be going through any of this pain if you had backups on hand. Consider > spending $125 on an external 1TB drive and a little of your time > implementing an automated backup strategy. > Funny as it is, I have an external drive attached to the machine already. I was doing some housecleaning so that I could then have a clean "tree" as it were to start my backups. I do appreciate your advice/information though it is greatly appreciated =) Drew- > > -- > Hal Pomeranz, Founder/CEO Deer Run Associates [email protected] > Network Connectivity and Security, Systems Management, Training > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
