LinuxCommandLibrary

e2image

Save ext2/3/4 filesystem metadata to file

TLDR

Write metadata located on device to a specific file

$ e2image [/dev/sdXN] [path/to/image_file]
copy

Print metadata located on device to stdout
$ e2image [/dev/sdXN] -
copy

Restore the filesystem metadata back to the device
$ e2image -I [/dev/sdXN] [path/to/image_file]
copy

Create a large [r]aw sparse file with metadata at proper offsets
$ e2image -r [/dev/sdXN] [path/to/image_file]
copy

Create a [Q]COW2 image file instead of a normal or raw image file
$ e2image -Q [/dev/sdXN] [path/to/image_file]
copy

SYNOPSIS

e2image [-aIfn] device imagefile
e2image -r raid-image-file

PARAMETERS

-a
    Save all backup superblocks, GDTs, block/inode bitmaps (default: only primaries)

-I
    Print image to stdout in hexadecimal dump format (implies -a)

-f
    Force overwrite of existing imagefile

-n
    Print header info to stdout without creating/saving image

-r
    Recover/copy metadata from RAID image back to device (device must be unmounted)

DESCRIPTION

e2image is a utility from the e2fsprogs package designed to extract and save critical metadata from ext2, ext3, or ext4 filesystems into a single image file. This metadata includes primary and backup superblocks, group descriptor blocks (GDTs), block allocation bitmaps, and inode allocation bitmaps.

The primary use case is for debugging and recovery: the compact image file enables faster analysis with tools like debugfs(8) compared to reading directly from the potentially corrupted device. It supports saving only primary copies (default) or all redundant copies with -a.

Output can be directed to stdout in binary or hex format for scripting or inclusion in C code. The -r mode allows recovery of metadata from special RAID images back to the device during resync operations.

Ideal for forensic analysis, pre-upgrade backups of metadata, or preparing for e2fsck(8) repairs on damaged filesystems. The image is self-describing with headers indicating offsets and sizes of each component.

CAVEATS

Requires root privileges. Source device should be unmounted for consistency. Image files grow large with -a on big filesystems. Use -r cautiously to avoid corrupting live RAID setups.

IMAGE FILE STRUCTURE

Header with magic number/metadata summary, followed by raw dumps of superblock, GDTs, bitmaps (offsets/sizes listed for parsing)

TYPICAL USAGE

e2image -a /dev/sda1 fsimage.e2i then debugfs -R 'image_load fsimage.e2i' /dev/sda1 for analysis

HISTORY

Introduced in e2fsprogs 1.19 (2001) by Theodore Ts'o to aid ext3 debugging and recovery. Enhanced in later versions for ext4 support, RAID integration, and hex output for programmatic use.

SEE ALSO

debugfs(8), dumpe2fs(8), tune2fs(8), e2fsck(8), mke2fs(8)

Copied to clipboard