first off, I’m a total idiot. I was updating my passwords file that I keep encrypted. However, when I went to remove the old file, I typed in the new file’s name and deleted it instead. D’oh!
well, as you might know, unix-like systems do not have an “undelete” facility. When you delete a file, it’s gone. Or so they say.
When you create a file on a unix-like system, or more specifically, an indexed file system, there are entries stored somewhere on disk that tell you (and the rest of the system) how and where to find those files. When you delete a file, that information is gone (depending on filesystem). Now, to the standard user, there is no way of knowing where that file is. In fact, parts of that file could be strewn over different parts of the disk. Things are sounding pretty grim, huh? To make matters worse, when new files are created, there’s the possibility that old files are being overwritten with new data.
“grep” is an old, old unix program that allows you to search for specified strings or regular expressions (e.g. any line containing the word `idiot`) in files. Well, those unix guys were pretty smart when they decided that “everything is a file”, including hard disks. So, you can ask grep to search the file that represents the hard drive in question and search for known strings.
The end result is that I retrieved my passwords (and thus, saving my marriage). It doesn’t change the fact that I’m a total idiot. In fact, knowing that I can recover data this way is probably going to ensure that it happens again. Oy.!