[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: HELP: want to recover /usr/local



On Mon, 2004-10-04 at 00:52, Sathish S. Vadhiyar wrote:
> Hi,
> 
> I accidentally removed /usr/local on a machine. This was where I was
> having all 3rd-party software. Moreover this was serving as NFS filesystem
> for other machines in my cluster. I still haven't rebooted the system. Is
> there any magical way in fedora to restore the directory? ANy help will be
> GREATLY appreciated.

Satish,

What you really need is the help of a computer forensics analyst,
preferably one who has successfully completed the SANS Track 8 course.

However, if someone with those skills is not available and you must do
it yourself, you will need The Sleuth Kit set of tools (specifically the
icat tool) from http://sleuthkit.sourceforge.net. Be advised that these
are powerful -- and unforgiving -- tools. Used incorrectly they can do
very serious damage to your system. There is a web front-end to TSK
called Autopsy that makes recovery (or total destruction) a lot easier.

Two other tools you might also use are lazarus and foremost
(http://sourceforge.net/projects/foremost). If any of the file types you
are trying to recover are not recognized by the 'files' utility, check
http://www.wotsit.org and add their header specs to the foremost.conf
file.

Good luck.

-- Doc 
Robert G. (Doc) Savage, BSE(EE), CISSP, RHCE | Fairview Heights, IL
Fedora Core 1 kernel 2.4.22-1.2199.nptl on P-III/M IBM Thinkpad A22p
"Perfection is the enemy of good enough."
                         -- Admiral of the Fleet Sergei G. Gorshkov


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]