If you know a little about operating systems then I’m sure you’ve heard of Linux, a favourite amongst security-savvy users and programmers. The default file system in Linux is known to be unforgiving of mistakes, but the operating system is robust and, by using the methods described in this post, you will be able to recover any data that you may have either lost or accidentally deleted.
Deleting Files In Linux
Deleting a file in Linux is very easy – you simply right-click on the icon of the file that you wish to get rid of and then click the “Delete” option in the context menu. Alternatively, if you are working from the command console or terminal, the delete command is “rm”, short for remove. The “rm” command accepts a number of parameters which can be unsafe, extraordinarily useful, or both.
Potentially the most dangerous parameter pair is “rm -rf”, which deletes the specified folder and everything inside it. The problem with this command is that it doesn’t ask you to confirm the deletion of each file, meaning that you can accidentally delete the entire file system. Unlike Windows, there is no recycle bin in Linux, so if you delete a file then it will be gone from your hard drive for good.
Recovering Files In Linux
One of the big positives with Linux is the fact that it is highly customisable. With that in mind, it is possible to add a recycle bin – you simply add an alias, in a shell startup file in the user’s home directory, that overrides the rm command.
The alias to be used in this instance is –
alias rm='mv --target-directory="$HOME/.Trash"'
What this does is change the rm command into a mv (move) command. It then sends any files that are removed to the .Trash directory in the user’s home folder instead of deleting them permanently. The .Trash directory must already exist, and because the alias hands its arguments to mv, rm-only options such as -r will be rejected. It may not be the perfect solution but it is effective.
‘File carving’ is another technique that can be used in Linux. A file carving application parses the hard disk for the leading and trailing bytes of a file (its header and footer), which it then uses to identify the file type and to group together the deleted file’s data on the disk. It is a reliable technique and one that is used in forensic data recovery.
There are three main applications you can use for file carving –
In a console window you enter the application’s name, followed by the name of the hard drive partition, which you can find with the “fdisk -l” command.
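To show what a file carver does with those leading and trailing bytes, here is a small added example in Python; it is not taken from any of the carving applications, and the sample “partition” it scans is constructed data. The signature table, the size limit and the function names are assumptions made for the illustration.

```python
# Header/footer ("magic bytes") signatures for three common file types.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_SIZE = 10 * 1024 * 1024  # assumed limit: stop looking for a footer after 10 MiB


def carve(image, signatures=SIGNATURES, max_size=MAX_SIZE):
    """Return (offset, type, data) for every header/footer pair found in image."""
    found = []
    for ftype, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                # Header without a footer in range: the file was truncated
                # or partly overwritten, so it cannot be carved this way.
                pos = start + 1
                continue
            end += len(footer)
            found.append((start, ftype, image[start:end]))
            pos = end
    return sorted(found, key=lambda hit: hit[0])


def build_sample_image():
    """Constructed data: two 'deleted' files and one truncated file in zeroed space."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-pixels" + b"\xff\xd9"
    pdf = b"%PDF-1.4\nconstructed body\n%%EOF"
    truncated_png = b"\x89PNG\r\n\x1a\n" + b"header only, footer overwritten"
    image = (b"\x00" * 512 + jpg + b"\x00" * 300 + truncated_png
             + b"\x00" * 200 + pdf + b"\x00" * 64)
    return image, jpg, pdf


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for offset, ftype, data in carve(image):
        print(f"offset {offset:6d}  type {ftype}  {len(data)} bytes")
```

Matching a header to the next footer only recovers files whose data is stored in one contiguous run, which is why the truncated PNG in the sample is skipped.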
By employing the two methods above you should be able to delete or recover Linux files in most situations.