How to recover data from a messed up drive (LVM written on top of Ext4)?

data-recovery ext4

Solution 1:

If you run mkfs.ext4 -n /the/partition it will print out what a EXT4 formatted drive would look like on that system.

# mkfs.ext4 -n /dev/dm-3
mke2fs 1.42.8 (20-Jun-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
3276800 inodes, 13107200 blocks
655360 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
400 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
    4096000, 7962624, 11239424

Of note is that it will tell you where the superblock locations are.

Using this information, attempt to mount the drive using an alternative superblock..

mkdir /tmp/mntpnt
mount -o ro,sb=163840 /dev/dm-3 /tmp/mntpnt

Providing only the headers of the partition were destroyed this may work.

If that doesn't work however, you can try to fix the filesystem using fsck.ext4 by specifying the superblock address. Backup the data with dd or something before you do this.

fsck.ext4 -b 163840 /dev/dm-3

This may just end up overwriting the bad superblock with one of the known good ones, which could be enough to get the entire disk remounted. Then again you may lose key inodes (like your root filesystem inode). Mileage may vary.

Solution 2:

I would give the UFS Explorer demo a try to see what it can detect... It's my go-to utility for filesystem recovery. I once had an XFS partition with 4 million files accidentally deleted and used this utility to recover the data.

But outside of that, it's a learning experience and a chance to test your backup routine. Sorry for the loss.

Solution 3:

The first step in any recovery operation is to make a copy of the data, and perform the recovery on the copy. Once you've done that, you can attempt to recover the data.

Depending on what exactly the admin did, the most likely damage is that the partition table has been corrupted, the volume's primary superblock has been corrupted, or both. You can re-build the partition table using fdisk: simply create a new partition table with the same setup as the original. Make sure you get the type (MBR or GPT) right. e2fsck -b will let you perform a filesystem repair using one of the secondary copies of the superblock, or in the unlikely event that they've all been corrupted, mke2fs -S will re-create the metadata structure without touching the data.

Related

Which STONITH hardware for power fencing?
Ways of saying "to get into a relationship."
Visudo Gives no Error but asks "What Now?"
In a Windows PKI, what is a Workstation Authentication CA Template used for? What happens if it expires?
Nagios - Could not complete SSL handshake
Is it possible to set up a reverse DNS record on AWS for address from a different registrar?
Can a backup mx server be configured to reject email submissions if it can connect to the primary mx?
Can a DNS client distinguish if the answer they received was based on a wildcard record or a specific match?
Why does Chrome complain about "obsolete cryptography"?
Is it possible combine remote results to local a register in Ansible?
How to reset glusterd configuration?
Is "Peering" in networking, always exchanged directly?