Tuesday, May 26, 2009

RECOVER EXT3 - Bootstrapping the miniproject

Hi,
And now it's time for our miniproject. We have decided to do the mini-project with the usual team: me, Midhun, Vijin and Vyshakh. As ever, it was really difficult to decide what the project should be. Somehow we got the idea of a file recovery tool, and we saw that there are not many such tools for the ext3 filesystem. Thus another story begins here: 'The mini project days'.

We googled for the available documentation on file recovery in ext3. There were not many docs, but the available ones were capable of keeping the idea alive. We went through the documents of 'ext3grep' and some others on 'file system forensic'. None of the documents said it is easy to recover the lost files, but they did say there is a chance that the files can be recovered using the details in the journal.

As we went through a number of different documents, almost all of them described the recovery method in a somewhat similar way. All of them used tools such as TSK, foremost etc. Although there is no point in describing the procedure in those articles here, they do come in the scope of the post. Let's have a high-level look at the structure of the inode of a file and how these articles recover the lost data.

The inode in the ext3 file-system

1. An image of the disk is created (from where the file was deleted).
2. The inode corresponding to the deleted file is found (the tool debugfs can be used for this).
3. The block group of the inode is obtained from 'imap' in debugfs.
4. The journal of the file is searched to get the entries for the particular inode in the block group.
5. The journalled inode data is fetched and, if it is of some size near our deleted file, the file is recovered using tools like 'foremost'.

Here the major threat we faced is that, using these tools, recovery of a file which has its data in the single, double and triple indirect pointers is not so easy. Another problem is that foremost can recover only files with extensions that are defined in it. Enhancing foremost for the unavailable extensions also didn't sound so good to us. By now we were on our way to find some simple but robust method that can better recover the file irrespective of the file size.
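The inode fields that the steps above read, and the indirect pointers that make large files hard, shown as an added example (not code from the original post or from the tools it names). The inode bytes, block numbers, inode number 12345 and 8192 inodes per group are constructed sample values, and the helper names are hypothetical.

```python
import struct

# First 100 bytes of an ext2/ext3 on-disk inode (little-endian): mode, uid, size,
# atime, ctime, mtime, dtime, gid, links, blocks, flags, osd1, i_block[15].
INODE_FMT = "<HHIIIIIHHIII15I"

def locate_inode(ino, inodes_per_group):
    """Block group and index in its inode table (inode numbers start at 1)."""
    return (ino - 1) // inodes_per_group, (ino - 1) % inodes_per_group

def parse_inode(raw):
    f = struct.unpack_from(INODE_FMT, raw)
    ptrs = f[12:]  # 12 direct pointers, then single, double, triple indirect
    return {"size": f[2], "dtime": f[6], "links": f[8],
            "direct": [p for p in ptrs[:12] if p],
            "single": ptrs[12], "double": ptrs[13], "triple": ptrs[14]}

def indirect_levels(inode):
    """Indirect levels in use; each adds pointer blocks that must also survive."""
    return [k for k in ("single", "double", "triple") if inode[k]]

def is_candidate(copy, expected_size, tolerance=4096):
    """Journalled copy predates the delete and its size is near the lost file's."""
    return (copy["dtime"] == 0 and copy["links"] > 0 and len(copy["direct"]) > 0
            and abs(copy["size"] - expected_size) <= tolerance)

def make_inode(size, dtime, links, ptrs):
    """Constructed 128-byte inode for the demo; fields not examined are zero."""
    ptrs = list(ptrs) + [0] * (15 - len(ptrs))
    head = struct.pack(INODE_FMT, 0o100644, 0, size, 0, 0, 0, dtime, 0, links,
                       0, 0, 0, *ptrs)
    return head.ljust(128, b"\0")

# Constructed sample, 4 KiB blocks: a 60 KiB file needs 12 direct blocks plus
# 3 more reached through one single-indirect block.
JOURNAL_COPY = make_inode(61440, 0, 1, list(range(5000, 5012)) + [5012])
# What is typically left in the inode table after deletion on ext3:
# size and block pointers zeroed, dtime set.
ON_DISK = make_inode(0, 1243300000, 0, [])

if __name__ == "__main__":
    print("group, index:", locate_inode(12345, 8192))
    for name, raw in (("on disk", ON_DISK), ("journal", JOURNAL_COPY)):
        ino = parse_inode(raw)
        print(name, ino["size"], len(ino["direct"]), indirect_levels(ino),
              "candidate" if is_candidate(ino, 60000) else "not usable")
```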

Then we thought that if there were an option to undo the permanent deletion as long as the data is not overwritten, that would be fine. That means if we are able to make the OS believe that the file had not yet been deleted, then it would be easy to tackle this undeletion. Yeah, here comes the idea behind our miniproject, which is robust and sound. Re-establishing the previous contents of the inode will undo the deletion as long as the data is not overwritten. There are tools which help to get the journal details to recover the data in an inode at a previous time and also to edit the inode; these tools can be used to start the project, and later they can be replaced with our own dedicated code.
And thus here is a turning point.......
