I deleted a directory from an OpenBSD slice from my 2nd HD, and I need
to recover a single file.
I tried : http://myutil.com/2008/1/15/undelete-unrm-for-openbsd-4-2-with-dls
but failed :
# dls /dev/wd1x > /xxx/xx/undelete.bin
Sector offset supplied is larger than disk image (maximum: 0)
Help & thanks.
Which hex editor do you advise?
Should I have to umount the partition before?
the partition is 40 GB size on a secondary disk, OpenBSD old slice,
should I need at least such space (/tmp ?) to open it on the hex editor
from my OpenBSD 4.3?
Thanks!
If I'm not mistaken, openbsd zeroes the data when you delete a file.
I remember trying to recover a file and then receiving a 0Kb file =)
If you still want to try, you could try using the sleuth kit
(available in ports) to recover something.
no, that would be pointless.
--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
For some unknown reason this prompted me to look at the rm manpage for the
hell of it (yeah, bored and tired at the moment). There's an odd comment in
the STANDARDS section which says
"The interactive mode used to be a dsw command, a carryover from the an-
cient past with an amusing etymology."
That piqued my interest further (yeah, still bored and still tired at the
moment) so I googled away and found this tidbit about the mysterious dsw
command: http://dvlabs.tippingpoint.com/blog/2008/03/18/a-bit-of-history
Gord
There is a very nice hex editor specialized in forensics called
WinHex, but it runs on Windows. I don't know if there is an equivalent
tool in the *nix world.
