Data Recovery on Linux and ext3

by Abe Getchell
Sept. 15, 2017 2 comments Symantec Management

This article discusses the process of recovering deleted data from an ext3 partition, on a system running Linux, using a process called data carving. This basic technique is useful in any number of situations, such as recovering data that has been accidentally deleted by a user, information removed in an attempt to erase signs of a system intrusion that could be used to track the source, or data erased by an end-user attempting to cover up an acceptable use policy infraction. This article assumes that you have a basic understanding of ext3 and the inner workings of filesystems. It is important to note that there is a certain amount of risk associated with this process. When performed improperly, the data you are attempting to recover, or other data stored on the system, could be permanently lost. While this technique is quite accurate most of the time, and very useful in any number of different situations, it is not "forensically sound" and will not hold up legally for use in court.

https://www.symantec.com/connect/articles/data-recovery-linux-and-ext3

Avatar
2flash 2 months, 3 weeks ago

Data recovery on Linux is not that hard to do as people would believe it... such articles are a great source of information in doing it safely.

Reply
Avatar
Steven Ulm 2 months, 4 weeks ago

I partially agree with the presented solution. Linux is very stable so a lot can be "played" with and "experimented" on it :)

Reply