Date: Mon, 04 Mar 2013 13:21:23 +0100 From: "Julian H. Stacey" <jhs@berklix.com> To: Polytropon <freebsd@edvax.de> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Grepping though a disk Message-ID: <201303041221.r24CLNwT011267@fire.js.berklix.net> In-Reply-To: Your message "Mon, 04 Mar 2013 01:36:08 %2B0100." <20130304013608.7981e8a9.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Polytropon & cc questions@ > Any suggestion is welcome! Ideas: A themed list: freebsd-fs@freebsd.org There's a bunch of fs tools in /usr/ports/sysutils/ My http://www.berklix.com/~jhs/src/bsd/jhs/bin/public/slice/ slices large images such as tapes & disks (also the slice names would give numbers convertable to offsets probaably useful to eg ..a) man fsdb A bit of custom C should run a lot faster than shells & greps, eg when I was looking for nasty files from a bad scsi controller, I wrote http://www.berklix.com/~jhs/src/bsd/jhs/bin/public/8f/ One could run eg slice asynchronously & suspend ^Z when you run out of space, & periodicaly run some custom C (like 8f.c) or some find grep -v rm loop to discard most slices as of no interest. Then resume slicing. OK, thats doing writes too, so slower than just read & a later dd with seek=whatever, depends how conservative one's feeling, about doing reruns with other search criteria. You mentioned risk of text string chopped across a slice/block boundary. Certainly a risk. Presumably solution is to search twice. 2nd time after a dd with a half block/ slice size offset, then slice/search again. If you runout of space to do that, you might write a temporary disklabel/bsdlabel with an extra partition with a half block offset .. dodgy stuff that, do it while you'r wide awake :-) Always a pain these scenarios, loosing hours of human & CPU time, I hope data's worth it, good luck. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Reply below not above, like a play script. Indent old text with "> ". Send plain text. No quoted-printable, HTML, base64, multipart/alternative.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303041221.r24CLNwT011267>