ntfsundelete (belonging to ntfsprogs) makes it possible to do this from Linux.
ntfsundelete -h for help
+++++++++++++++++
ntfsundelete -s, --scan
Search through an NTFS volume and print a list of files that
could be recovered. This is the default action of ntfsun‐
delete. This list can be filtered by filename, size, percent‐
age recoverable or last modification time, using the --match,
--size, --percent and --time options, respectively.
The output of scan will be:
Inode Flags % age Date Size Filename
6038 FN.. 93% 2002-07-17 26629 thesis.doc
┌─────────────────
│Flag Description │
│F/D File/Directory │
│N/R (Non-)Resident data stream │
│C/E Compressed/Encrypted data stream
+++++++++++++++++
Look for deleted files on /dev/hda1.
ntfsundelete /dev/hda1
Look for deleted documents on /dev/hda1.
ntfsundelete /dev/hda1 -s -m '*.doc'
Look for deleted files between 5000 and 6000000 bytes, with at least
90% of the data recoverable, on /dev/hda1.
ntfsundelete /dev/hda1 -S 5k-6m -p 90
Look for deleted files altered in the last two days
ntfsundelete /dev/hda1 -t 2d
Undelete inodes 2, 5 and 100 to 131 of device /dev/sda1
ntfsundelete /dev/sda1 -u -i 2,5,100-131
Undelete inode number 3689, call the file 'work.doc' and put it in the
user's home directory.
ntfsundelete /dev/hda1 -u -i 3689 -o work.doc -d ~
STumbling In Linux Land, STupid and Unlucky Pablo? The tribulations and happy discoveries of a Linux former Newbie, now bit more experienced user
Subscribe to:
Post Comments (Atom)
Blog Archive
-
▼
2011
(91)
-
▼
March
(10)
- Why and how to block JavaScript on your email account
- More privacy when on internet
- Dependency problems with pacman3.5.1
- Create partition backup using SystemRescueCD and F...
- Undelete deleted files on NTFS partition or HD
- Run firefox in a sandbox for more security
- Deluge permission problems storing to ntfs drive
- Test your hd speed
- Pilaunch Dmenu like starter
- Paccheck tools to control mirrors
-
▼
March
(10)
No comments:
Post a Comment