[olug] forensic data recovery

Rob Townley rob.townley at gmail.com
Wed Dec 8 23:56:09 UTC 2010

On Wed, Dec 8, 2010 at 9:04 AM, Jack <jdunn110 at cox.net> wrote:
> Does anyone on this list do data recovery?
> I had a friend, new to linux but a computer engineering student, working on
> a linux laptop to set up sharing capability with a desktop.  In the process,
> everything in the /home directory on the laptop seems to have disappeared.
>  The last backup was about three weeks ago so it would be nice to recover
> the missing files (although I can reconstruct most of them).
> I'm not sure if it was something my friend inadvertently did or if some
> malware struck.
> Contact me off list if interested.  I'm a hobbyist, so I probably can't
> afford corporate rates for this service.
> Jack
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug

if you mount /home/ to someplace else, this is exactly what will
happen, the good news is that commenting out that mount entry in
/etc/fstab, then voila, everything comes back.  Post /etc/fstab to the
list.  If he also posts all the SANITIZED output from the history
command, then we may be better able to tell exactly what he did.
Remove the passwords.

For instance, say you change your profile to mount a network share
with the name /home/, the original stuff is not deleted, just masked.

Another thing to try is to go into single user mode (init 1) and see
if /home/* comes back.

More information about the OLUG mailing list