LinuxCommandLibrary

extundelete

ext3/ext4 file recovery utility

TLDR

Restore all deleted files from partition

$ sudo extundelete [/dev/sdXN] --restore-all
copy
Restore a specific file
$ extundelete [/dev/sdXN] --restore-file [path/to/file]
copy
Restore a specific directory
$ extundelete [/dev/sdXN] --restore-directory [path/to/directory]
copy
Restore files deleted after a date
$ extundelete [/dev/sdXN] --restore-all --after [1577840400]
copy

SYNOPSIS

extundelete device [options]

DESCRIPTION

extundelete recovers deleted files from ext3 and ext4 partitions by parsing the filesystem journal. It can restore individual files, directories, or all recoverable files.
Works best when run immediately after deletion before journal wraps.

PARAMETERS

--restore-all

Restore all recoverable files
--restore-file path
Restore specific file
--restore-directory path
Restore specific directory
--after time
Only restore files deleted after Unix timestamp
--before time
Only restore files deleted before timestamp

CAVEATS

Only works with ext3/ext4 filesystems. Unmount partition before recovery for best results. Paths are relative to filesystem root (no leading /). Recovery success depends on journal state.

SEE ALSO

testdisk(8), photorec(8), debugfs(8)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community