On 07/19/2017 02:59 AM, Stefan Ring wrote: > On Tue, Jul 18, 2017 at 1:48 AM, Dave Chinner <david@xxxxxxxxxxxxx> wrote: >> To analyse such things, maybe consider gathering obfuscated metadump >> images rather asking people to run scripts that gather limited >> information. That way you can develop scripts to extract the >> information your research requires from the filesystem images you >> received, rather than try to draw tenuous conclusions from a limited >> data set... > > I have created a metadump that is 1GB in size, xz-compressed. However, > by running strings on it I find that there are many identifiable > remains inside, and I cannot legally pass this on. xfsprogs is > xfsprogs-3.1.1-10.el6, which is obviously really old. I'm reluctant to > just run a newer version on this production machine; after all I've > once almost brought it down by running xfs_bmap on a heavily > fragmented file. newer metadump should correct that problem, and is a read-only tool, so should be (tm) perfectly safe (tm). You could run it out of a built git repo, via the xfs_db commands. > The question is: can I import this metadata image in a VM and recreate > the metadata image from there, using modern xfsprogs? Will this > preserve most of the relevant information? yes, that would work too. (mdrestore followed by or piped through metadump) If you find significant strings in that result please let me know :) Thanks, -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
