Linux文件系统
[英]Linux File System
问题描述
I am searching for a way to get all the metadata of the linux file system (ext2/3/4). 
我正在寻找一种获取linux文件系统(ext2 / 3/4)的所有元数据的方法。 The task is to find all the files (deleted/or not deleted) present on the linux partition. 任务是查找linux分区上存在的所有文件(已删除/未删除)。 The metadata of the files should include creation time , modification time etc. (basically what you get from the command istat) 文件的元数据应包括创建时间,修改时间等(基本上是从istat命令获得的内容)
The problem i am facing is regarding the deleted files. 我面临的问题是关于已删除的文件。 I cannot find a way to get the inode of the deleted files currently present on the file system. 我找不到一种方法来获取文件系统上当前存在的已删除文件的索引节点。 Kindly suggest a way to solve this issue for the above mentioned file systems. 请提出一种解决上述文件系统问题的方法。
Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
1 2015-05-25 13:44:19
You may find The Coroner's Toolkit to be quite useful. 您可能会发现《死因裁判官工具包》非常有用。 It includes tools to allow you to view any element of the metadata, directly view inodes, dump out all of the disk sectors that an inode references, dump disk sectors directly, etc. Since you are working with the inodes and sectors directly, it does not matter if they are deleted or not, they are all accessible. 它包含的工具使您可以查看元数据的任何元素,直接查看inode,转储出inode引用的所有磁盘扇区,直接转储磁盘扇区等。由于您是直接使用inode和扇区,因此它确实不管是否删除它们,都可以访问。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.