Linux File System

0
votes

I am searching for a way to get all the metadata of the linux file system (ext2/3/4). The task is to find all the files (deleted/or not deleted) present on the linux partition. The metadata of the files should include creation time , modification time etc. (basically what you get from the command istat)

The problem i am facing is regarding the deleted files. I cannot find a way to get the inode of the deleted files currently present on the file system. Kindly suggest a way to solve this issue for the above mentioned file systems.

Thanks in advance.

1
linuxext4ext3ext2

1 Answers

1
votes

You may find The Coroner's Toolkit to be quite useful. It includes tools to allow you to view any element of the metadata, directly view inodes, dump out all of the disk sectors that an inode references, dump disk sectors directly, etc. Since you are working with the inodes and sectors directly, it does not matter if they are deleted or not, they are all accessible.