Ontrack Data Recovery

Resources > Unix and Linux Data Recovery

Unix and Linux Data Recovery

 
Free Quote Request
Submit Help Request
UK 0800 243 996
Ireland 1800 930 183
UK 01372 741 999
Untitled Document

Kroll Ontrack engineers have the expertise and experience to recover data from your UNIX and Linux systems, be it simple terminal or a RAID 5 server.

Whatever the data loss situation, Kroll Ontrack have the most advanced tools and techniques in the industry and here is a small sample of the types of problems we regularly recover:

  • Kernel panics and unbootable machines
  • Deleted or Formatted partitions
  • Deleted or missing files and folders
  • Corrupted unmountable file systems
  • System crashes and FSCK failures
  • Lost/ Damaged RAID configurations

Background - UNIX/Linux data recovery - File Systems explained

Background

  • UNIX
    UNIX is a multi-user, multi-tasking operating system initially developed in the1960s by AT&T Bell labs. The majority of UNIX is written in the C programming language and is therefore capable of running on a wide range of computer architectures. Hardware suppliers such as SCO, SGI, IBM, Hewlett Packard and Sun each provide their own versions of UNIX to run on their high end servers.
  • Linux
    Linux, sometimes called GNU/Linux, is a free open source Unix-like operating system. The GNU project began in 1984 with the aim of creating a free version of UNIX. The project however lacked a fully functioning kernel until 1991 when a 3 rd party kernel called Linux was released by Linus Talvolds. The Linux kernel is normally released in combination with various packages from the GNU project and other sources.

UNIX / Linux data recovery

We support one of the largest ranges of UNIX & Linux file systems in the industry. Even if our current tools do not support your variation we have a team of software developers capable of Just In Time (JIT) development to modify or create new tools to match your needs.

Supported UNIX OS Supported Linux OS Supported File Systems
  • SCO – OpenServer, System V, UnixWare
  • Sun Microsystems - Solaris
  • Hewlett Packard - HP-UX
  • IBM – AIX
  • SGI – IRIX
  • BSD / FreeBSD
  • Many more
  • Red Hat Enterprise Linux
  • Fedora
  • Mandriva
  • Novell SUSE Linux
  • Debian
  • Ubuntu
  • Many More
  • FFS, EXT 2 & 3
  • ReiserFS
  • XFS
  • JFS
  • LVM
  • Many more

File systems

  • Fast File System, EXT 2 & 3

EXT 2 file system (sometimes known as the second extended file system) was originally designed for the Linux platform and was released in 1993. It has since been superseded by EXT3 which added a few new features the most notable being the journaling. EXT3 is currently the default file system for most of the popular Linux distributions.

Like many other UNIX file systems the main structure is very similar to that of the original UNIX Fast File System (FFS). The partition is split up into Cylinder Groups and originally each of these groups contains a Superblock, Group Table, Data Bitmap, Inode Bitmap, Inodes and finally Data. However more recent versions of EXT2 and EXT3 have Sparse Cylinder Groups which contain only Inodes and Data.

The EXT2 & 3 file systems have a fixed number of Inodes and these are mapped out on the partition by the Superblocks and group tables. These Inodes are used to represent both files and directories and contains:

  • File Type
  • Access Rights
  • Owners
  • Timestamps
  • Size
  • Data block Pointers

The data block pointers are the part of the inode that address the file data on the drive.

The first twelve are point to the physical blocks containing the data, the last three however point to the data blocks indirectly (single, double and triple indirects). The single indirect contains the address of a block containing direct pointers as shown in the diagram, the double indirect points to a block containing single indirect pointers and logically the triple indirect points to block containing double indirect pointers. This can be very difficult to visualise but basically each step of indirection allows the amount of data to be addressed to increase exponentially.

  • XFS

XFS was originally developed by SGI in 1993 to overcome some of the performance and scaling limitations of FFS. It was first released in 1994 with IRIX v5.3 and in 2000 SGI released the code as open source, it was then officially included in the Linux kernel from 2003. XFS structure is very similar to that of FFS at first glance. It keeps the cylinder group system of splitting the partition but names them allocation groups and it also has superblocks and uses inodes to contain the file metadata however this is where the similarities end.

Unlike FFS the file system does not have a fixed number of inodes pre-allocated on the drive, instead it is the job of each allocation group to monitor freespace and dynamically allocates inodes as required by the file system. These inodes are organised in a balanced B+ tree, this makes traversing the directory structure much quicker than the traditional list system implemented in FFS. However to maintain high performance the B+ tree must remain balanced as more inodes are allocated and this requires a relatively advanced algorithm. XFS inodes also use extents (run lists) to address data instead of addressing individual data blocks like FFS as this normally scales a better for large files.

XFS also includes journaling to offer file system recoverability in case of system crashes and power failures. However XFS only journals the file system metadata so while the volume can be repaired and mounted there can still be user data loss.

Another feature of XFS is delayed allocation, a method of allocating the blocks for file data while caching the data in memory. This data is then only actually written to the file system when the cache is flushed by the operating system. The main advantages of this approach are that it can often dramatically reduce fragmentation especially with files that expand slowly and it often reduces CPU load.

  • JFS (Journaled File System)

In 1990 IBM first released JFS with AIX version 3.1. Later in 1999 IBM ported it to OS/2 and released a version of JFS to open source community and by 2006 there was a stable version for Linux.

The design philosophy behind JFS is comparable to that of XFS and they overcome many of the performance limitations of FFS in similar ways even though the final implementations are different. They both use metadata journaling to offer file system recoverability, dynamically allocated inodes, extents to address the data area and also B+ trees to transverse directories. Please see the XFS section for details.

  • ReiserFS
LVM (Logical Volume Management)

Logical Volume Management is a method of overcoming some of the limitations of using traditional partition methods to allocate storage space on media. Commonly included features are:

  • File System Spanning and Software RAIDs (Level 0, 1 & 5)
  • Resizing Volume Groups & Logical Volumes
  • Snapshots

Conventionally the space on hard drives is split up into partitions which file systems are written directly to. LVM however works a bit differently, the disks are still allocated using partitions but these are seen as physical volumes to the LVM. These physical volumes are then pooled together as either a RAID or through spanning to form a Volume Group. The Volume Group can then be allocated to form Logical Volumes on which the file systems actually reside. The diagram below shows a relatively simple example of how an LVM might be used.

Modern versions of UNIX each have their own variations of LVM and depending on the vender they have different names and feature sets. Linux also has an LVM which was originally based on the Hewlett Packard UNIX version. One notable feature missing from both the HP and Linux LVM is that they have no implementation for parity fault tolerance, hence no software RAID 5 support.

Windows 2000, 2003, XP & Vista have an equivalent system called Logical Disk Manager, which provides similar functionality.