{"id":1450,"date":"2014-01-05T18:39:38","date_gmt":"2014-01-05T16:39:38","guid":{"rendered":"http:\/\/netspider.com.ua\/?p=1450"},"modified":"2014-01-05T18:39:38","modified_gmt":"2014-01-05T16:39:38","slug":"recovering-currently-opened-deleted-file-on-freebsd","status":"publish","type":"post","link":"https:\/\/netspider.com.ua\/index.php\/2014\/01\/05\/recovering-currently-opened-deleted-file-on-freebsd\/","title":{"rendered":"Recovering an open file that was deleted from the system on FreeBSD"},"content":{"rendered":"<p>A file that has been deleted from the system but is still held open by some process can be recovered with the Sleuth Kit set of utilities (<a href=\"https:\/\/www.sleuthkit.org\">www.sleuthkit.org<\/a>).<\/p>  <p>1. 
Find the inode number of the deleted open file:<\/p>  <pre class=\"brush: bash; auto-links: true; collapse: false; first-line: 1; gutter: true; html-script: false; light: false; ruler: false; smart-tabs: true; tab-size: 4; toolbar: true;\">~&gt; lsof +aL1 \/<\/pre>\n\n<p>Instead of \/, specify the partition where the file was (or run the command on each partition in turn if you do not know which one holds the open file). Example output:<\/p>\n\n<pre class=\"brush: bash; auto-links: true; collapse: false; first-line: 1; gutter: true; html-script: false; light: false; ruler: false; smart-tabs: true; tab-size: 4; toolbar: true;\">~&gt; lsof +aL1 \/home\nCOMMAND   PID USER   FD   TYPE DEVICE SIZE\/OFF NLINK NODE NAME\nless    29154 root    4r  VREG   0,87        8     0 33043586 \/home (\/dev\/ad0p7)<\/pre>\n\n<p>2. 
Use the icat utility, which opens the file by its inode number:<\/p>\n\n<pre class=\"brush: bash; auto-links: true; collapse: false; first-line: 1; gutter: true; html-script: false; light: false; ruler: false; smart-tabs: true; tab-size: 4; toolbar: true;\">~&gt; icat -r \/dev\/ad0p7 33043586 &gt; \/path\/to\/new-filename<\/pre>\n\n<p>If you know the name of the directory where the file is open, the file's name can be obtained directly from the directory (while the file is still open and not yet deleted for good):<\/p>\n\n<pre class=\"brush: bash; auto-links: true; collapse: false; first-line: 1; gutter: true; html-script: false; light: false; ruler: false; smart-tabs: true; tab-size: 4; toolbar: true;\">cat \/home\/work | strings<\/pre>\n\n<p>\/home\/work is a directory. 
But you still have to remove characters such as \u201c^X\u201d and the names of existing files from the resulting gibberish. A more elegant way:<\/p>\n\n<pre class=\"brush: bash; auto-links: true; collapse: false; first-line: 1; gutter: true; html-script: false; light: false; ruler: false; smart-tabs: true; tab-size: 4; toolbar: true;\">~&gt; ls -1ai \/home\/\n33044046 work\/\n\n~&gt; fls -dF \/dev\/ad0p7 33044046\nr\/r * 33043586(realloc):        testme<\/pre>\n\n<p>With the first command I found the inode number of the \/home\/work directory, then listed all the deleted files. 
testme is the same deleted file that is open in less.<\/p>\n\n<pre class=\"brush: bash; auto-links: true; collapse: false; first-line: 1; gutter: true; html-script: false; light: false; ruler: false; smart-tabs: true; tab-size: 4; toolbar: true;\">\/home\/ports\/sysutils\/sleuthkit\n\/home\/ports\/sysutils\/lsof<\/pre>","protected":false},"excerpt":{"rendered":"A file that has been deleted from the system but is still held open by some process can be recovered with the Sleuth Kit set of utilities (www.sleuthkit.org). 1. 
Find the inode number of the deleted open file: ~&gt; lsof +aL1 \/ Instead of \/, specify the partition where the file was (or run the command on each partition in turn if you do not know which one holds the open file.\u2026 <span class=\"read-more\"><a href=\"https:\/\/netspider.com.ua\/index.php\/2014\/01\/05\/recovering-currently-opened-deleted-file-on-freebsd\/\">Read more 
&raquo;<\/a><\/span>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1435,48,1709,1259,1194,1710,1711,1440],"class_list":["post-1450","post","type-post","status-publish","format-standard","hentry","category-main","tag-file","tag-freebsd","tag-inode","tag-recovery","tag-system","tag-ufs2","tag-vosstanovlenie","tag-fajl"],"_links":{"self":[{"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/posts\/1450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/comments?post=1450"}],"version-history":[{"count":1,"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/posts\/1450\/revisions"}],"predecessor-version":[{"id":1451,"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/posts\/1450\/revisions\/1451"}],"wp:attachment":[{"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/media?parent=1450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/categories?post=1450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/netspider.com.ua\/index.php\/wp-json\/wp\/v2\/tags?post=1450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}