Read raw HD partition in Linux at a particular offset

0

I'm trying to recover some files deleted from a Linux ext3 partition. I've grepped the raw partition device (/dev/sda1) using grep -b and it gave me an offset. What's the easiest way for me to read a chunk of data from that block device starting from the offset returned by grep?

EMP

Posted 2010-06-02T06:09:09.240

Reputation: 4 688

Also have a look at debugfs. Online tutorials exist.

– dirkt – 2017-05-02T06:43:56.907

Answers

3

With dd: set the block size to 1k to simplify the math, then skip that number of blocks to (just before) the offset and copy however many blocks (count) you think you might need, using the partition as the input file, to an output file:

dd if=/dev/sda1 of=recovery_file bs=1k skip=4321 count=20

Ken

Posted 2010-06-02T06:09:09.240

Reputation: 7 497
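The arithmetic behind the skip value, as an added example that is not part of the answer above: it turns a byte offset into a 1 KiB block number, copies a window of blocks around it, and reports where the hit sits inside the output file. The function names (carve_at, first_hit), the marker string and the sample image are constructed for illustration, and first_hit assumes GNU grep, using -a -b -o so the offset is that of the match itself rather than of the start of the "line" containing it.

```shell
#!/bin/sh
# Added example; function names and the sample image are constructed.
export LC_ALL=C   # byte-wise matching, so offsets are byte offsets

# carve_at SRC BYTE_OFFSET KIB_BEFORE KIB_AFTER OUT
# Copies the 1 KiB block holding BYTE_OFFSET, plus surrounding blocks, to OUT
# and prints the position of BYTE_OFFSET inside OUT.
carve_at() {
    src=$1 off=$2 before=$3 after=$4 out=$5
    bs=1024
    blk=$(( off / bs ))                      # rounds down: block that holds the hit
    start=$(( blk - before ))
    if [ "$start" -lt 0 ]; then start=0; fi  # hit near the start of the device
    count=$(( blk - start + 1 + after ))
    dd if="$src" of="$out" bs="$bs" skip="$start" count="$count" 2>/dev/null || return 1
    echo $(( off - start * bs ))
}

# first_hit SRC PATTERN: byte offset of the first match in SRC.
first_hit() {
    grep -a -b -o -- "$2" "$1" | head -n 1 | cut -d: -f1
}

# Constructed stand-in for /dev/sda1: 64 KiB of zeros with a marker at byte 20500.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
img=$work/sample.img
dd if=/dev/zero of="$img" bs=1024 count=64 2>/dev/null
printf 'DELETED-FILE-MARKER' | dd of="$img" bs=1 seek=20500 conv=notrunc 2>/dev/null

off=$(first_hit "$img" 'DELETED-FILE-MARKER')
# Two blocks before the hit, three after, as in skip=<block-2> count=6.
rel=$(carve_at "$img" "$off" 2 3 "$work/recovery_file")
echo "hit at byte $off of the image, byte $rel of recovery_file"
```

On a real partition the same call takes the device as SRC, with the output file written to a different filesystem than the one being recovered.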