A Program to Recover Deleted RSX-11 Disk Files. User's Manual and Installation Guide. Lawrence M. Baker. Open-File Report 86-375



Similar documents
Windows 8 Backup, Restore & Recovery By John Allen

How to protect, restore and recover Exchange 2003 and Exchange 2007 databases

User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection Data

IBM Client Security Solutions. Client Security User's Guide

Active Directory 2008 Operations

User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection

Windows NT File System. Outline. Hardware Basics. Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik

Security Service tools user IDs and passwords

Bank Reconciliation Import BR-1005

Accounts Receivable System Administration Manual

Outline. Windows NT File System. Hardware Basics. Win2K File System Formats. NTFS Cluster Sizes NTFS

DIGIPASS CertiID. Getting Started 3.1.0

Windows BitLocker Drive Encryption Step-by-Step Guide

How To Backup A Database In Navision

POLYCENTER Software Installation Utility Developer s Guide

UNDELETE Users Guide

Sales Order Changes Tracked for PO-1020 SO-1459

StarWind iscsi SAN Software: Implementation of Enhanced Data Protection Using StarWind Continuous Data Protection

EDI Advantage Integration SO-1184

Adagio Invoices. Version 9.1A First Edition. All product names mentioned are trademarks or service marks of their respective owners.

HP External Hard Disk Drive Backup Solution by Seagate User Guide. November 2004 (First Edition) Part Number

BrightStor ARCserve Backup for Windows

Microsoft Exchange 2003 Disaster Recovery Operations Guide

Mailbox Recovery for Microsoft Exchange 2000 Server. Published: August 2000 Updated: July 2002 Applies To: Microsoft Exchange 2000 Server SP3

Raidtec CS3102 Release Notes

Repetitive Invoice Event Log AR-1226

Chapter 13 File and Database Systems

Chapter 13 File and Database Systems

Document Management System

Clickfree Software Frequently Asked Questions (FAQ)

i5/os and related software Distributing software

IBM DB Backup and Recovery Hands-On Lab. Information Management Cloud Computing Center of Competence. IBM Canada Lab

How to protect, restore and recover SQL 2005 and SQL 2008 Databases

TheFinancialEdge. Administration Guide

Creating Interactive PDF Forms

your Apple warranty; see There are two main failure modes for a mirrored RAID 1 set:

How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server

Retrieving Data from Apple ios Devices Using XRY

Symantec Backup Exec System Recovery Granular Restore Option User's Guide

Enhanced Indented Bill of Materials Report BM-1023

Amicus Attorney - PCLaw Link Guide

ATX Document Manager. User Guide

UNDELETE Users Guide

COMPUTER FORENSICS. DAVORY: : DATA RECOVERY

4 Backing Up and Restoring System Software

BrightStor ARCserve Backup for Windows

Quick Start Program Advanced Manual ContactWise 9.0

Paperless Office: Sales Order Invoices SO-1437

JD Edwards World. Database Audit Manager Release A9.3 E

Integrating Data Protection Manager with StorTrends itx

Full Disk Encryption Agent Reference

3M Command Center. Installation and Upgrade Guide

Upgrading a Microsoft Dynamics NAV 2009 R2 or Microsoft Dynamics NAV 2009 SP1 Database to Microsoft Dynamics NAV 2015

Attix5 Pro Disaster Recovery

Accounts Receivable User Manual

Backup and Disaster Recovery Restoration Guide

BrightStor ARCserve Backup

Administrator's Guide

Clickfree Software User Guide

Security Planning and setting up system security

EMC RepliStor for Microsoft Windows ERROR MESSAGE AND CODE GUIDE P/N REV A02

Ingres Backup and Recovery. Bruno Bompar Senior Manager Customer Support

NDSR Utilities. Creating Backup Files. Chapter 9

ProficyTM. HMI/SCADA - ifix I MPLEMENTING S ECURITY

TheFinancialEdge. Administration Guide

inforouter Version 8.0 Administrator s Backup, Restore & Disaster Recovery Guide

DSK MANAGER. For IBM iseries and AS/400. Version Last Updated September Kisco Information Systems 7 Church Street Saranac Lake, NY 12983

Impact+OCR 1.1 Readme

Future Technology Devices International Ltd. Mac OS X Installation Guide

DMS Performance Tuning Guide for SQL Server

ProSystem fx Engagement

Getting Started with Paragon Recovery CD. Quick Guide

EMC Smarts. Installation Guide for SAM, IP, ESM, MPLS, NPM, OTM, and VoIP Managers. Version 9.4 P/N REV 01

A/P Payment Selection Based on A/R Cash Receipts AP-1108

Image Verification. Finding Feature Information. Restrictions for Image Verification

ADP Workforce Now Security Guide. Version 2.0-1

Accounts Payable User Manual

Gladinet Cloud Backup V3.0 User Guide

CA Endevor Software Change Manager

PERFORMANCE EVALUATION AUDIT CHECKLIST EXAMPLE. EIIP Volume VI

Xcalibur Global Version 1.2 Installation Guide Document Version 3.0

Seagate Manager. User Guide. For Use With Your FreeAgent TM Drive. Seagate Manager User Guide for Use With Your FreeAgent Drive 1

FileNet P8 Platform Directory Service Migration Guide

NSS Volume Data Recovery

UNDELETE 7.0 USER GUIDE

Data Collection Agent for Active Directory

Amicus Small Firm Accounting: Frequently Asked Questions

LTS/OnGuard The VOS security solution. Concepts and Facilities. Transaction Design, Inc.

Percona Server features for OpenStack and Trove Ops

FORENSIC ANALYSIS OF USB MEDIA EVIDENCE. Jesús Alexander García. Luis Alejandro Franco. Juan David Urrea. Carlos Alfonso Torres

Up-to-the-minute Data Protection

Software License Registration Guide

Overview. Business value

SAS Business Data Network 3.1

Over-the-top Upgrade Guide for Snare Server v7

EMC NetWorker Module for Microsoft for Windows Bare Metal Recovery Solution

CommVault Simpana Archive 8.0 Integration Guide

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

Transcription:

UNITED STATES GEOLOGICAL SURVEY UNDELETE A Program to Recover Deleted RSX-11 Disk Files User's Manual and Installation Guide Lawrence M. Baker Open-File Report 86-375 This report is preliminary and has not been reviewed for conformity with U. S. Geological Survey editorial standards and stratigraphic nomenclature. Any use of trade names is for descriptive purposes only and does not imply endorsement by the USGS. DEC, PDF, and RSX are trademarks of Digital Equipment Corporation. Although this program has been tested by the Geological Survey, United States Department of the Interior, no warranty, expressed or implied, is made by the Geological Survey as to the accuracy and functioning of the program and related program material nor shall the fact of distribution constitute any such warranty, and no responsibility is assumed by the Geological Survey in connection therewith. 1986

Abstract Undelete is a non-privileged utility program for the in-place restoration of accidentally deleted disk files for the DEC PDP-11 RSX-family operating systems. Files are restored based on a user-specifed search pattern, which provides a flexible means of wild card matching by character or by field within a file specification. A dry run option is available to identify candidates for restoration without actually modifying the disk file structure. 1.0 Introduction Undelete is a non-privileged utility program for the in-place restoration of accidentally deleted disk files. It operates by scanning through the index file looking for deleted file headers that match its search criteria, and, with the assistance of the standard RSX-11 Volume Verification Utility utility (VFY), undoing the deletion operation. Since it is always risky tampering with the on-disk structure on a live system, Undelete should be considered a last resort to recover files that would be too costly or impossible to recover any other way. It has, however, been used to recover an entire system disk deleted with a PIP wild card specification, and also to recover an entire directory on the system disk while the system was running. 2.0 Search Patterns Files to be recovered are specified using a search pattern of the form: [group, member] name. type; version What looks like a User File Directory (UFD) specification is really the file owner's User Identification Code (UIC), since the file header contains only ownership information, with no back links to the directory which points to the file. In most cases the UFD and file owner's UIC will be the same, so the confusion should be minimal. The rules for constructing the search pattern are: 1. A question mark or asterisk will match any single character. 2. Stem searches are performed for the file name and type fields (i.e., the file name FILE is transformed to FILE????? for searching). 3. For the numeric fields, leading zeroes are prepended for searching if at least one of the specified characters is a digit (e.g., [?0,*] is transformed to [0?0,???] for the owning UIC field). Page 1

4. Any unspecified or null fields default to a wild card search (e.g., [100,] is equivalent to [100,*], etc.). NOTE The special version numbers, 0 and -1, are not supported. For example: 1. To recover all the.ftn files owned by [100,2], specify the search pattern [100, 2] *.FTN. 2. To recover all files beginning with BP2 owned by any account, you may simply specify BP2. 3. To recover all files owned by [1,54] and [3,54], specify the search pattern [0?,54] (on the assumption that we won't find much in the other directories with single digit group numbers). Note that [?,54] will not work in this case, since it will be treated as [???,054] instead of [007,054]. Whenever a matched file header is found, its file I.D. is printed, along with a PIP-like listing of the file owner, file specification, size and creation date. This information will be helpful in returning the file to the proper directory (usually the owner's UFD). 3.0 Recovery Procedure The procedure to follow is: 1. Log on to a privileged account, if necessary, preferably on a hardcopy terminal. 2. Immediately halt all activity on the disk selected for file recovery and dismount it. 3. Allocate the disk to yourself and mount it with the index file unlocked. 4. Run Undelete and provide the name of the disk and the search pattern. Take the dry run option first (with the disk write locked, if you wish) to make sure the proper files will be recovered. 5. Run the VFY update and lost file scan options with the scratch files directed to another disk. The listing file may get rather lengthy if lots of disk blocks were deleted, so you may want to send the listing to another disk or ML:. 6. Rename the recovered files from [1,3] to their proper directories. Page 2

Warning Recover all files before renaming, or copy them to another medium one directory at a time. If the UFD is not large enough to hold all the directory entries, it will be extended to accomodate the new directory entries, which could write over one of the files yet to be recovered. If there are extra recovered files that you want to delete, be sure to rebuild the volume bit map again to take care of doubly allocated disk blocks before returning it to service. Warning The version numbers that VFY uses to place these lost files into [1,3] may not be the same as the ones the files had originally. Be sure to examine the creation date or the contents of the files themselves before deciding which files to keep and which to purge. 8. Always verify the disk one last time before putting it back on-line! 9. When you are satisfied everything is OK, return the disk back to its original state (PUBLIC, /-UNL, etc.). 4.0 MCR and DCL Command Summary The appropriate MCR and DCL commands to perform the above steps are: MCR >ASN ddnn:=sy: >SET /UIC=[1,3] >DMO ddnn: [/DEV] >ALL ddnn: >MOU ddnn:.../unl >RUN Undelete >VFY TI:,LB:=ddnn:/UP >VFY TI:,LB:=ddnn:/LO >PIP badfile.typ;ver/de >PIP [g,m]/re=goodfile.typ >VFY TI:,LB:=ddnn:/RE >VFY TI:,LB:=ddnn:/UP DCL $ Set Default ddnn:[1,3] $ Dismount ddnn: [/System] $ Allocate ddnn: $ Mount ddnn:... /Unlock $ Run Undelete $ MCR VFY TI:,LB:=ddnn:/UP $ MCR VFY TI:,LB:=ddnn:/LO $ Delete badfile.typ;ver $ Rename goodfile.typ [g,m]*.* $ MCR VFY TI:,LB:=ddnn:/RE $ MCR VFY TI:,LB:=ddnn:/UP Page 3

>VFY TI:,LB:=ddnn: >DMO ddnn: >DEA ddnn: >MOU ddnn:... $ MCR VFY TI:,LB:=ddnn $ Dismount ddnn: $ Deallocate ddnn: $ Mount ddnn:.. Replace the elipses above with the mount options appropriate to your system, such as /OVR/PUB/ACP=UNIQUE for MCR or the equivalent DCL options /Override:Identification/System/Processor:Unique. Also, include the /PUB or /System option on the initial dismount command for public volumes, as is shown below. 5.0 Sample Run In the sample printout below, the user response to Undelete's prompts are underlined. Any output messages from the RSX utilities or commands is not reproduced. (This is only a sample, not an copy of an actual restoration.) $ Set Default DR3: [1,3] $ Dismount DR3: /System $ Allocate DR3: $ Mount DR3: /Override:Identification/Processor:Unique $ Run Undelete Do you want a dry run (no disk modifications attempted) [Y/N,CR=Y]? U Enter disk name (ddnn:) DR3: Index file bitmap size (H.IBSZ) : Maximum number of files (H.FMAX) : 10 ( 8.) 74075 (30781.) Enter search pattern ( [grp, mem] name. typ; version, CR=al 1) Undelete. * Search pattern: ( 21433, ( 22741, ( 36247, ( 36616, ( 36730, ( 36772, ( 36773, Total of 141) 66) 15) 11) 2) 2) 2) [100,001] UNDELETE 7. files recovered..doc ; 000056.IMP ; 000001.DOC; 000035.IMP ; 000001.IMP ;000001.IMP; 000001.DOC; 000037 156. 51. 51. 41. 64. 48. 59. You must run the VFY utility to complete the recovery of the disk VFY>TI:, LB: =DR3: /UP VFY>TI:,LB:=DR3:/LO $ MCR VFY TI:,LB:=DR3:/UP $ MCR VFY TI:,LB:=DR3:/LO $ Delete Undelete.trap;* $ Purge Undelete.doc Page 4 05-JUN-86 15:21 05-JUN-86 15:21 04-JUN-86 14:42 04-JUN-86 14:42 04-JUN-86 13:22 04-JUN-86 16:13 04-JUN-86 16:14

$ Rename Undelete.doc [100,307] $ MCR VFY TI $ MCR VFY TI,LB:=DR3:/UP,LB:=DR3:/RE $ MCR VFY TI,LB:=DR3: $ Dismount DR3: $ Deallocate DR3: $ Mount DR3: /System/Override:Identi fication/processor:unique 6.0 Acknowledgements I would like to thank Jon Berger for the circumstances that necessitated writing Undelete, Richard Sipura for inspiring me to update it and finally write it up, and to my reviewers, Tim MacDonald and Gary Maxwell. 7.0 References 1. IAS/RSX-11 I/O Operations Reference Manual (Order No. AA-M176A-TC), Appendix A, "File Descriptor Block", Appendix E, "Index File Format", and Appendix F, "File Header Block Format". 2. RSX-11M/M-PLUS Utilities Manual (Order No. AA-L681A-TC), Chapter 9, "File Structure Verification Utility (VFY)". 3. Baker, Lawrence M., 1986, Undelete: A Program to Recover Deleted RSX-11 Disk Files, Program Logic Manual: U. S. Geological Survey Open-File Report 86-418. 30 p. Page 5

APPENDIX A Installation Guide Undelete is a non-privileged program written in PDP-11 Fortran-77 (it needs 32-bit integer arithmetic). The supplied task image should run under any RSX-family operating system (it is built for an RSX-11M system without floating point hardware). Undelete does not use the MCR get command line feature so there is no reason to install Undelete permanently. The files required to re-compile Undelete are: Fortran-7? source module: Undelete.ftn Include files: IdxDef.ftn Index file offset definitions HomDef.ftn Home block offset definitions HdrDef.ftn File header block offset definitions To re-compile: MCR DCL >F77 Undelete,Undelete/-sp=Undelete $ Fortran/F77 Undelete /List To re-task build: MCR DCL >TKB Undelete,Undelete/-sp=Undelete $ Link Undelete /Map or >FTB Undelete,Undelete/-sp=Undelete $ Link/Fast Undelete /Map assuming that the Fortran-77 OTS has been merged into the system object library file, LB: [1,1] SysLib. olb. (The supplied command file, Undelete.cmd, will re-compile and re-task build the program using FTB if it is installed; otherwise it uses TKB.) Undelete uses QIOs to manipulate the index file and normal Fortran Read Page A-l

Installation Guide and Write statements for terminal I/O, so either the FCS or the RMS version of the Fortran-77 OTS can be used. Only one active file is actually needed: the terminal on unit 5. See the comments in the code (labelled "NOTE") and the discussion in the Program Logic Manual for possible modifications. (There should not be any required to run on an RSX-11M V3.1 system, on an RSX-llM-Plus V2.1 system, or on a VAX/VMS system in compatibility mode.) Page A-2

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information