1
00:00:00,000 --> 00:00:17,600
Hey guys and welcome back. Now in the previous nugget we discussed some of the tools that

2
00:00:17,600 --> 00:00:24,960
we have available to us to work with EXT based file systems. Now we do have a few more tools

3
00:00:24,960 --> 00:00:32,880
that we want to discuss with respect to EXT and those happen to be one called dumpe2fs and

4
00:00:32,880 --> 00:00:40,079
another one called debugfs. So let's begin exploring what these two commands can bring us.

5
00:00:40,079 --> 00:00:46,320
So we will start with the very first one dumpe2fs. Now quite honestly this command can give you a

6
00:00:46,320 --> 00:00:51,840
massive volume of information quite honestly it can be a little bit too much at least in my opinion

7
00:00:51,840 --> 00:00:58,000
so just be wary of the output of this particular command. Now much of what you're going to see

8
00:00:58,000 --> 00:01:05,359
in this output is going to be related to what are called block group descriptors. Now you can see this

9
00:01:05,359 --> 00:01:10,719
information and in some cases this is definitely a useful piece of information to see of course

10
00:01:10,719 --> 00:01:17,040
but quite honestly generally speaking you're not going to be utilizing this information. Now if you

11
00:01:17,040 --> 00:01:24,000
want to be able to omit this information and quite honestly shorten out the input by a great deal

12
00:01:24,000 --> 00:01:32,320
make it much more readable you can use the dumpe2fs command with the -h option. In fact if we

13
00:01:32,320 --> 00:01:39,120
go into the man page dumpe2fs you can see what it's going to do is only display the super block

14
00:01:39,120 --> 00:01:45,040
information and not these block descriptors. So that is what we will do press Q to quit

15
00:01:45,040 --> 00:01:51,440
let's just clear the screen and we can perhaps run it against sdb1 because like we know this is an

16
00:01:51,440 --> 00:02:01,439
EXT based file system so I will say sudo dumpe2fs and using that -h flag I will target

17
00:02:01,439 --> 00:02:08,319
/dev/sdb1. So if I enter I have to type in my passwords there we go now we're going to get this

18
00:02:08,319 --> 00:02:15,519
information here so this is like the information we see from the listing of tune2fs whereas if we

19
00:02:15,519 --> 00:02:22,239
do not use the -h flag you'll get to see what I mean. Hit enter we see way way way more information

20
00:02:22,239 --> 00:02:27,439
this way okay so realistically you're probably not going to need all of this information on a

21
00:02:27,439 --> 00:02:33,519
regular basis at least so we will stick to the -h flag. Now some pieces of information that we

22
00:02:33,520 --> 00:02:40,000
want to be aware of is say for example this one right here the file system features now the reason

23
00:02:40,000 --> 00:02:46,000
why this is useful is this is going to allow you to see what your file system can actually do for

24
00:02:46,000 --> 00:02:52,640
example we can see here that we have the has_journal option this means that this file system

25
00:02:52,640 --> 00:03:00,800
is capable of journaling now you may remember that EXT2 does not have journaling this was brought in

26
00:03:00,800 --> 00:03:09,760
on EXT3 and carried forward on EXT4 so the fact that we have an EXT4 based file system no surprise

27
00:03:09,760 --> 00:03:16,320
to learn that this file system does indeed have the ability to journal but despite this even if we

28
00:03:16,320 --> 00:03:22,000
did not know that information we could easily find this information out using this particular command

29
00:03:22,000 --> 00:03:28,400
now that is only one piece of information we would want to be aware of now another very useful piece

30
00:03:28,480 --> 00:03:35,200
of information relates to our inodes and it's this one right here the inode count simply put on

31
00:03:35,200 --> 00:03:43,599
Linux every file must have an inode number and this value here tells us how many inodes are

32
00:03:43,599 --> 00:03:51,200
available on the system and if every file must have an inode number in essence this value tells us

33
00:03:51,200 --> 00:03:57,360
the maximum amount of files that you can have on your system now we actually have our block count

34
00:03:57,360 --> 00:04:04,000
this tells us the amount of blocks we have available on the system and the reserve block counts this

35
00:04:04,000 --> 00:04:11,440
is how many blocks are reserved for the super user now we did mention it is unlikely that you would

36
00:04:11,440 --> 00:04:18,720
want to see the entire output of this command i.e. the output containing those block group descriptors

37
00:04:18,720 --> 00:04:23,360
but actually when you happen to be using the fsck utility when you want to repair a particular

38
00:04:23,360 --> 00:04:29,520
file system you may get a very peculiar error denoting that you have something called a bad

39
00:04:29,520 --> 00:04:34,800
super block now this is not something you're going to be dealing with with any kind of regularity

40
00:04:34,800 --> 00:04:40,800
but when you want to be able to invoke backups of your information you can actually take the block

41
00:04:40,800 --> 00:04:46,879
group descriptor information say for example here if I run the command again without the -h flag

42
00:04:46,879 --> 00:04:54,079
let's have a look at group one right here notice we can actually see the backup super block location

43
00:04:54,079 --> 00:05:01,279
and the value here is three two seven six eight now if your super block happens to be corrupted

44
00:05:01,279 --> 00:05:07,360
and you have some type of error you could actually use this information with fsck so you would take

45
00:05:07,360 --> 00:05:12,879
a note of the value here and we would take a note of what we are targeting in this case here

46
00:05:12,879 --> 00:05:21,360
it's sdb1 and all I could do here is I could use the command fsck -b and then specify that block

47
00:05:21,360 --> 00:05:28,480
value and then specify what we are targeting against and this super block is a vital component for

48
00:05:28,480 --> 00:05:35,279
your file system health you will be able to use the backup information from the dumpe2fs outputs

49
00:05:35,279 --> 00:05:41,519
in conjunction with the fsck utility so that you still can check and repair this particular system

50
00:05:41,519 --> 00:05:47,359
now one other command like I say I want to talk to you about very briefly is the debugfs command

51
00:05:47,359 --> 00:05:54,799
now the debugfs command this is a command line utility that allows you to do some interactive

52
00:05:54,799 --> 00:06:02,719
debugging and this is going to operate with respect to ext2 ext3 and ext4 based file systems

53
00:06:02,719 --> 00:06:08,560
now before we can use this interactive debugger our file system that we want to target must not

54
00:06:08,639 --> 00:06:14,560
be mounted so what I will do is I will actually unmount sdb1 in case if we check we can see

55
00:06:15,120 --> 00:06:22,639
sdb1 no longer is mounted let's clear the screen and I can say debugfs now what I want to do

56
00:06:22,639 --> 00:06:29,920
is I want to be able to open a particular file system so I can say open and I'll say /dev/sdb1

57
00:06:29,920 --> 00:06:36,160
and to enter and of course as per usual I want to be using sudo privileges so I'll start this again

58
00:06:36,160 --> 00:06:42,000
apologies okay so with super user privileges this time I will open now we have opened this if I want

59
00:06:42,000 --> 00:06:47,680
to view file system statistics I can use the command stats within debugfs and we're going to get a

60
00:06:47,680 --> 00:06:53,440
bunch of statistics if I want to browse the file system I could do ls now within this unmounted

61
00:06:53,440 --> 00:06:59,760
file system there is not much to see here all we have is our lost and found directory but nevertheless

62
00:06:59,759 --> 00:07:06,319
on many more file systems you may see a lot more information and we can press q to quit the program

63
00:07:06,319 --> 00:07:12,480
so really what we can see here with debugfs we can get information about our unmounted file system

64
00:07:12,480 --> 00:07:18,480
using things like ls we can get statistical information and quite honestly many of the

65
00:07:18,480 --> 00:07:24,480
options available within debugfs are really similar to regular Linux commands now a common

66
00:07:24,480 --> 00:07:31,680
use case with debugfs is if you happen to maybe say delete a particular file accidentally what you

67
00:07:31,680 --> 00:07:39,040
could do is you could unmount the file system and then you could use the command lsdel to list your

68
00:07:39,040 --> 00:07:46,480
deleted files and ultimately use the undel command with this information you receive from this output

69
00:07:46,480 --> 00:07:52,480
and you can potentially although not always recover that accidentally deleted file this would be a

70
00:07:52,480 --> 00:08:00,800
perfect use case of using such a tool so these tools debugfs as well as the dumpe2fs command

71
00:08:00,800 --> 00:08:06,879
both of these tools give you additional features and functionality to be able to manage and recover

72
00:08:06,879 --> 00:08:13,360
information based on ext based file systems so that is us for ext based file systems I hope this

73
00:08:13,360 --> 00:08:19,600
has been informative for you I'd like to thank you for viewing

