How to use the command 'extundelete' (with examples)

How to use the command 'extundelete' (with examples)

Extundelete is a command-line tool used for recovering deleted files from ext3 or ext4 partitions by parsing the journal. This tool can be helpful in cases where files have been accidentally deleted or lost due to disk errors. By using extundelete, users can easily restore deleted files and directories from their ext3 or ext4 partitions.

Use case 1: Restore all deleted files inside partition N on device X

Code:

sudo extundelete /dev/sdXN --restore-all

Motivation: The motivation behind this use case is to restore all the deleted files from a specific partition on a given device. This can be useful in situations where all the files within a partition have been accidentally deleted.

Explanation:

  • sudo: The ‘sudo’ command is used to run extundelete with administrative privileges, allowing it to access the partition.
  • extundelete: The main command used to recover deleted files.
  • /dev/sdXN: Specifies the partition from which the files need to be recovered. “X” represents the device identifier, and “N” represents the partition number.
  • --restore-all: Instructs extundelete to restore all deleted files found within the specified partition.

Example output: Extundelete will scan the specified partition and restore all the deleted files found. The output will display the recovered files along with their respective paths.

Use case 2: Restore a file from a path relative to root

Code:

extundelete /dev/sdXN --restore-file path/to/file

Motivation: This use case is helpful when a specific file has been accidentally deleted and needs to be recovered. By providing the relative path to the file from the root directory, extundelete can restore it.

Explanation:

  • extundelete: The command used to recover deleted files.
  • /dev/sdXN: Specifies the partition from which the file needs to be recovered. “X” represents the device identifier, and “N” represents the partition number.
  • --restore-file: Indicates that extundelete should restore a specific file.
  • path/to/file: Specifies the relative path to the file from the root directory without starting the path with a slash (/).

Example output: Extundelete will search for the specified file within the specified partition and restore it if found. The output will display the restored file’s path and name.

Use case 3: Restore a directory from a path relative to root

Code:

extundelete /dev/sdXN --restore-directory path/to/directory

Motivation: This use case is applicable when a whole directory and its contents have been deleted and need to be restored. By providing the relative path to the directory from the root, extundelete can recover the entire directory tree.

Explanation:

  • extundelete: The command used to recover deleted files.
  • /dev/sdXN: Specifies the partition from which the directory needs to be recovered. “X” represents the device identifier, and “N” represents the partition number.
  • --restore-directory: Instructs extundelete to restore a specific directory.
  • path/to/directory: Specifies the relative path to the directory from the root directory without starting the path with a slash (/).

Example output: Extundelete will scan the specified partition and restore the deleted directory along with its contents if found. The output will display the restored directory’s path and name.

Use case 4: Restore all files deleted after a specific date

Code:

extundelete /dev/sdXN --restore-all --after 1577840400

Motivation: This use case comes in handy when all the files deleted after a certain date need to be recovered. By providing the UNIX timestamp for the desired date, extundelete will restore all the deleted files that meet the criteria.

Explanation:

  • extundelete: The command used to recover deleted files.
  • /dev/sdXN: Specifies the partition from which the files need to be recovered. “X” represents the device identifier, and “N” represents the partition number.
  • --restore-all: Instructs extundelete to restore all deleted files found within the specified partition.
  • --after: Specifies a condition that filters the deleted files based on the UNIX timestamp.
  • 1577840400: Represents the UNIX timestamp for January 1st, 2020. All files deleted after this timestamp will be restored.

Example output: Extundelete will scan the specified partition and restore all the files deleted after the provided timestamp. The output will display the path and name of each recovered file.

Conclusion:

The ’extundelete’ command can be a lifesaver when it comes to recovering deleted files from ext3 or ext4 partitions. By utilizing its various options, users can restore deleted files, directories, and even filter them based on specific conditions. However, it is important to note that extundelete may not be able to recover files that have been overwritten or damaged beyond repair.

Tags :

Related Posts

How to use the command 'shuf' (with examples)

How to use the command 'shuf' (with examples)

The ‘shuf’ command is a utility that generates random permutations. It can be used to randomize the order of lines in a file, generate random numbers within a specified range, and more.

Read More
How to use the command avbdeviced (with examples)

How to use the command avbdeviced (with examples)

The avbdeviced command is a service for managing Audio Video Bridging (AVB) devices.

Read More
Creating S3 Buckets (with examples)

Creating S3 Buckets (with examples)

Creating an S3 bucket Code: aws s3 mb s3://bucket_name Motivation: Creating an S3 bucket allows you to store and retrieve objects, such as files or data, in Amazon S3.

Read More