Bonehead Move
Kwan Lowe
kwan at digitalhermit.com
Fri Feb 23 12:16:25 UTC 2007
On 2/13/07, Tod <tod at stthomasepc.org> wrote:
>> I love cutting and pasting to and from my xterm. This time however I
>> cut and pasted a preceding space from the directory name I was trying to
>> rm -fr. Thus I ended up doing rm -fr ./ mydir. Goodbye home dir.
>>
>> I quickly shut down and imaged the hard drive onto another server.
>> Doing a little research I discovered I could mount the image using a
>> loopback device. I wanted to try running foremost or some other tool to
>> see what I could recover.
>>
>> I got the loopback working and can see all the partitions in the image.
>> Since its a volume managed device I'm now stuck. I can see the
>> partitions but I can't think of how to get around the lvm part to mount
>> them and see the actual contents. I'm not that lvm proficient quite yet.
It may be as simple as making the vg and lv available. Do a pvscan and lvscan. When
you see the volume group, do a "vgchange -a your_vol_groupname". This will make the
lv available in /dev/your_vol_groupname/your_lv_name. You can then mount it or use
forensic tools to try to extract. Make sure to mount it read-only.
--
* The Digital Hermit http://www.digitalhermit.com
* Unix and Linux Solutions kwan at digitalhermit.com
More information about the fedora-list
mailing list