Re: Recovering a loop-AES encrypted root partition

On 21 February 2002, Andreas Schreier <a_schreier@firemail.de> wrote:
> How can I find out which blocks are intact and which are not
> intact? Does the filename and directory of the file I want
> to recover help? Thanks a lot for your help. I had no idea
> how to cope with the situation but you give me some hope!

If you didn't do any other operation on your partition (as you
said in your post) then ALL the data blocks are intact.
The problem is that you won't be able to tell which is a
used block and which is not; neither can you tell which file
each of the blocks belonged to, or the file names and sizes.
The only way to recover that data is to manually examine the content
of each block. Of course you could use "grep" to find specific
strings in your blocks (or other tools).

If I were in your place I would run the following script:
(of course after you've provided the right password to losetup)
----
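#!/bin/sh

# Copy the decrypted device out one 1 KiB block at a time: block N goes to N.blk.
I=0
while true; do
  # dd reports "1+0 records in" for a full block; anything else means end of device.
  dd if=/dev/loop5 of="$I.blk" bs=1024 count=1 skip="$I" 2>&1 | grep -q "1+0" || break
  I=$((I+1))
done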
----
This will create a file for each block with the block number as the
file name. If your partition is big, it is a good idea to complicate
the script and put only a limited number of files per directory.

Blocks in a file tend to be consecutive, so you might be able to recover at
least all your text files (use cat to join the blocks together).  The size of
the recovered files will, however, be a multiple of 1k and you'll need to load them
in an editor and cut the garbage from the end.

-- 
								Regards,
								Emil
--
UNIX is user friendly. It's just picky about who its friends are.
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
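
The procedure in the message above (split into 1k blocks with a limited number of files per directory, grep for a known string, cat consecutive blocks together), as an added example that is not part of the original message. The function names and the default of 1000 files per directory are assumptions; SRC is only ever read.

```shell
#!/bin/sh
# Added example: names and the 1000-per-directory default are assumptions.
BS=1024   # block size used by the script in the post

# split_blocks SRC OUTDIR [PER_DIR]: copy block N of SRC to
# OUTDIR/<N / PER_DIR>/N.blk and print how many blocks were written.
split_blocks() {
  src=$1 out=$2 per=${3:-1000} n=0
  while :; do
    dir=$out/$((n / per))
    mkdir -p "$dir" || return 1
    dd if="$src" of="$dir/$n.blk" bs="$BS" count=1 skip="$n" 2>/dev/null || :
    # An empty output file means the read started at or past the end of SRC.
    if [ ! -s "$dir/$n.blk" ]; then
      rm -f "$dir/$n.blk"
      rmdir "$dir" 2>/dev/null || :   # drop the directory if nothing landed in it
      break
    fi
    n=$((n + 1))
  done
  echo "$n"
}

# find_blocks STRING OUTDIR: print, in numeric order, the numbers of the
# blocks that contain the fixed string STRING.
find_blocks() {
  find "$2" -type f -name '*.blk' -exec grep -lF -e "$1" {} + |
    sed -e 's|.*/||' -e 's|\.blk$||' | sort -n
}

# runs: read sorted block numbers on stdin and print each run of consecutive
# numbers as "first-last"; a run is a candidate for one file's contents.
runs() {
  awk 'NR == 1 { s = p = $1; next }
       $1 == p + 1 { p = $1; next }
       { print s "-" p; s = p = $1 }
       END { if (NR) print s "-" p }'
}

# join_run OUTDIR FIRST LAST [PER_DIR]: concatenate blocks FIRST..LAST to stdout.
join_run() {
  i=$2
  while [ "$i" -le "$3" ]; do
    cat "$1/$((i / ${4:-1000}))/$i.blk" || return 1
    i=$((i + 1))
  done
}
```

For example, `split_blocks /dev/loop5 blocks`, then `find_blocks "some known text" blocks | runs`, then `join_run blocks FIRST LAST > candidate.txt` for each run reported.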