debugfs
TLDR
Open filesystem in read-only mode
$ debugfs [/dev/sdXN]
Open filesystem in read-write mode$ debugfs -w [/dev/sdXN]
Read commands from file$ debugfs -f [path/to/cmd_file] [/dev/sdXN]
View filesystem stats (interactive)$ stats
Close the filesystem (interactive)$ close -a
List available commands (interactive)$ lr
SYNOPSIS
debugfs [options] [device]
DESCRIPTION
debugfs is an interactive debugger for ext2/ext3/ext4 filesystems. It allows direct manipulation of filesystem structures, which is useful for data recovery, analysis, and troubleshooting.
Can be used to recover deleted files, examine inodes, and manually fix filesystem issues.
PARAMETERS
-w
Open in read-write mode-f file
Read commands from file-R command
Execute single command and exit-c
Open filesystem as catastrophic mode (for corrupted filesystems)
INTERACTIVE COMMANDS
stats
Show filesystem statisticsls dir
List directorycat file
Display file contentslsdel
List deleted inodesdump inode file
Dump inode to file
CAVEATS
Requires root privileges. Use with extreme caution in write mode. Unmount filesystem before making changes. Improper use can cause data loss.
