    1 ===============================================================================
    2 Ext3Undel                       (c) 2008 by Itzchak Rehberg (devel@izzysoft.de)
    3 -------------------------------------------------------------------------------
    4 $Id: readme.txt 23 2008-06-20 19:41:08Z izzy $
    5 -------------------------------------------------------------------------------
    6 Script to help you undelete (accidentally) deleted files from ext2/ext3 disk
    7 partitions - by automating the necessary steps of running different utilities
    8 ===============================================================================
   10 Contents
   11 --------
   13 1) Copyright and warranty
   14 2) Requirements
   15 3) Limitations
   16 4) What is ext3undel, and what does it do?
   17 5) Installation
   18 6) Usage
   19 7) Additional information
   21 ===============================================================================
   23 1) Copyright and Warranty
   24 -------------------------
   26 This little program is (c)opyrighted by Andreas Itzchak Rehberg
   27 (devel AT izzysoft DOT de) and protected by the GNU Public License Version 2
   28 (GPL). For details on the License see the file LICENSE in this directory. The
   29 contents of this archive may only be distributed all together.
   31 ===============================================================================
   33 2) Requirements
   34 ---------------
   36 Dependencies are slightly different for the contained script. So for G.A.B.I.
   37 you will need PhotoRec (or foremost) only, while R.A.L.F. additionally requires
   38 some executables from the Sleuthkit (namely fls, fsstat and dls). All other
   39 requirements are essentially and should be available on all systems: Bash, Awk,
   40 and things like that.
   42 ===============================================================================
   44 3) Limitations
   45 ---------------
   47 No warranties at all :) For more, see also the other documentation files and man
   48 pages. If you think there's something missing here, don't hesitate to notify the
   49 author (me) about it - chances are quite good it will be added if possible.
   51 ===============================================================================
   53 4) What is ext3undel, and what does it do?
   54 ------------------------------------------
   56 The short description above already said it: It's two scripts to help you
   57 recovering files you (accidentally) deleted from some ext2/ext3 formatted
   58 drive.
   60 Though most pages in the InterNet state it is impossible to undelete such files,
   61 this is simply wrong. Just think of all the forensic people - it is their
   62 daily work. Correct is: It is not that easy as to simply take them out of some
   63 trash folder. The ext2/ext3 file system stores the MetaData (i.e. the file name,
   64 its size, creation/modification date, etc.) in its "iNodes" - together with the
   65 information in which file system blocks the real data is stored. When you delete
   66 a file, this connection is broken - and both, iNode and data blocks, are marked
   67 as free; but the information stays there until it is overwritten.
   69 Due to this fact, tools like PhotoRec or foremost can scan the "free" blocks for
   70 "signatures", and restore the files data (there are "significant bits" for most
   71 file types - just open some in an ASCII viewer, and you will note the "JFIF" in
   72 the beginning of JPG files, "FLV" for Flash Videos, "PK" in ZIP files, and so
   73 on). But since the connection to the iNode is lost, they cannot tell the real
   74 name of that file - and thus cannot restore a "certain file" - it's either all
   75 or nothing, and for a large disk there may be many files restored (which would
   76 take you hours to sort out).
   78 However, iNodes are organized in groups, and each of these groups have a known
   79 group of data blocks they keep the information for. So if we could figure out
   80 the iNode our file occupied once, we can restrict our restore process to that
   81 group of blocks - that is what R.A.L.F. does with the help of Sleuthkit: The
   82 'fls' executable lists up all iNodes together with the MetaData (which we grep
   83 for the file name, so we get the iNode number). 'fsstat' lists up all iNode
   84 groups together with their associated data blocks (which we grep for the iNode
   85 number retrieved with 'fls'). 'dls' extracts the specified data blocks from the
   86 file system, and stores them to an image. Now we can tell PhotoRec (or foremost)
   87 to scan that image (instead of the complete file system), and our result is
   88 much closer to what we seek.
   90 Opposite to R.A.L.F., G.A.B.I. is designed to get all files from a given disk
   91 (partition). You might not need G.A.B.I., but could use PhotoRec or foremost
   92 directly instead - all G.A.B.I. does is to save you from selecting the command
   93 line switches/options, and ensuring that you recover to a disk/partition other
   94 than the original data are on, to avoid more destruction before the recovery
   95 has been done.
   97 ===============================================================================
   99 5) Installation and configuration
  100 ---------------------------------
  102 Unpack the tarball (you probably already did so when you're reading this).
  103 Check the path specifications at the top of the Makefile (they should be fine
  104 for Ubuntu and most likely other Debian derivates), and finally simply run
  105 "sudo make install" (see doc/install.txt for more details on this way of
  106 [un]installation).
  108 Alternatively, put the executables somewhere in your path, and optionally
  109 put the man pages to their locations, and you are done with the installation.
  111 Finally you may want to review/edit the settings in /etc/ext3undel/ext3undelrc
  112 (or copy that file to $HOME/.ext3undel/ext3undelrc and adjust it there), to
  113 see if they fit your requirements. This step is usually not necessary - but
  114 you may do so if you want to.
  116 ===============================================================================
  118 6) Usage
  119 --------
  121 Calling either script with the parameter "--help" will reveal this information.
  123 After successfully installing the package, more information can also be found
  124 calling "man gabi" and "man ralf".
  126 ===============================================================================
  128 7) Additional Information
  129 -------------------------
  131 For information on the development as well as availability of new versions, you
  132 may want to visit the project site, i.e.
  133   http://projects.izzysoft.de/trac/ext3undel
  134 or the authors website, more precisely:
  135   http://www.izzysoft.de/?topic=software
  136 or the project page on Freshmeat:
  137   http://freshmeat.net/projects/ext3undel
  138 On the second mentioned page, you will also find more information about other
  139 programs written by the author - as you will on Freshmeat when visiting
  140   http://freshmeat.net/~izzysoft/
  142 To file a bug report, feature request or simply have a look at the current
  143 development, please visit http://projects.izzysoft.de/trac/ext3undel