Re: usare un parametro in pipe.

To: debian-italian@lists.debian.org
Cc: debian-italian@lists.debian.org
Subject: Re: usare un parametro in pipe.
From: Gollum1 <gollum1.smeagol1@gmail.com>
Date: Wed, 10 Oct 2012 13:19:35 +0200
Message-id: <[🔎] CANTVqs8pbByKBaLi+Cd7SE1YL9BEu05eyBKkQ5-TOy0ZmV61Mg@mail.gmail.com>
In-reply-to: <[🔎] 507548B3.2080103@gmail.com>
References: <[🔎] CANTVqs_hfA_mcvEKobLK6sFT=WNrVGeSMqV0MP-tuQyCO-Pacw@mail.gmail.com> <[🔎] 507548B3.2080103@gmail.com>

Il 10 ottobre 2012 12:06, Lorenzo Sutton <lorenzofsutton@gmail.com> ha scritto:
> On 10/10/12 10:34, Gollum1 wrote:
> Sarebbe utile avere un esempio di una linea di output positiva e una
> negativa.

allego due output del comando ntfsundelete, fatto su un'altro disco
che ho su questa macchina, la situazione è identica, ho estrapolato un
piccolo set di file, tenendo in considerazione la percentuale di
recupero dichiarata, e quei flag che ci sono in seconda colonna (devo
ancora vedere che cosa significano, ma ho il sospetto che F indichi i
file e D le directory, tanto per cominciare)...

naturalmente non riesco ad avere la struttura completa delle
directory, ma potrebbe essere già un buon inizio...

Non credo che la scansione sia fatta in modo sequenziale, e che quindi
i file che seguono una directory siano in realtà dentro di essa, ma
credo che l'ordinamento sia in base all'inode.

Byez
-- 
Gollum1
Tesssssoro, dov'é il mio tessssoro...

Inode    Flags  %age  Date           Size  Filename
---------------------------------------------------------------
File has no data streams.
MFT Record 16
Type: File
Date: 1970-01-01 01:00
Metadata may span more than one MFT record
Data Streams:
________________________________________

File is resident, therefore recoverable.
File is 100% recoverable
MFT Record 493
Type: File
Date: 2012-08-09 18:06
Filename: (2) ETWRTE~2.ETL
File Flags: <none>
Parent: RtBackup
Size alloc: 0
Size data: 0
Date C: 2012-08-09 18:06
Date A: 2012-08-09 18:06
Date M: 2012-08-09 18:06
Date R: 2012-08-09 18:06
Filename: (1) EtwRTEventLog-Application.etl
File Flags: <none>
Parent: RtBackup
Size alloc: 0
Size data: 0
Date C: 2012-08-09 18:06
Date A: 2012-08-09 18:06
Date M: 2012-08-09 18:06
Date R: 2012-08-09 18:06
Data Streams:
Name: <unnamed>
Flags: Resident

Size alloc: 0
Size data: 0
Size init: 0
Size vcn: 0
Data runs:
    None
Amount potentially recoverable 100%
________________________________________

File has an empty runlist, hence no data.
File is 0% recoverable
MFT Record 26343
Type: File
Date: 1970-01-01 01:00
Metadata may span more than one MFT record
Data Streams:
Name: <unnamed>
Flags: None
Size alloc: 0
Size data: 0
Size init: 0
Size vcn: 0
Data runs:
    None
Amount potentially recoverable 0%
________________________________________

MFT Record 42598
Type: Directory
Date: 2012-08-09 18:08
Filename: (2) USGTHR~1
File Flags: <none>
Parent: Temp
Size alloc: 0
Size data: 0
Date C: 2012-08-09 18:08
Date A: 2012-08-09 18:08
Date M: 2012-08-09 18:08
Date R: 2012-08-09 18:08
Filename: (1) usgthrsvc
File Flags: <none>
Parent: Temp
Size alloc: 0
Size data: 0
Date C: 2012-08-09 18:08
Date A: 2012-08-09 18:08
Date M: 2012-08-09 18:08
Date R: 2012-08-09 18:08
Data Streams:
________________________________________

File is 100% recoverable
MFT Record 68075
Type: File
Date: 2012-08-10 11:00
Filename: (2) AVEVTD~1.DBE
File Flags: <none>
Parent: EVENTDB
Size alloc: 0
Size data: 0
Date C: 2012-08-10 11:00
Date A: 2012-08-10 11:00
Date M: 2012-08-10 11:00
Date R: 2012-08-10 11:00
Filename: (1) avevtdb.dbe-journal
File Flags: <none>
Parent: EVENTDB
Size alloc: 0
Size data: 0
Date C: 2012-08-10 11:00
Date A: 2012-08-10 11:00
Date M: 2012-08-10 11:00
Date R: 2012-08-10 11:00
Data Streams:
Name: <unnamed>
Flags: None
Size alloc: 4096
Size data: 2576
Size init: 2576
Size vcn: 1
Data runs:
    1 @ 631328
Amount potentially recoverable 100%
________________________________________

File is 0% recoverable
MFT Record 72127
Type: File
Date: 2012-02-03 16:35
Filename: (2) CFPCON~4.LAN
File Flags: <none>
Parent: TEMPFI~1
Size alloc: 0
Size data: 0
Date C: 2012-08-10 10:43
Date A: 2012-08-10 10:43
Date M: 2012-08-10 10:43
Date R: 2012-08-10 10:43
Filename: (1) cfpconfg.chinese.lang
File Flags: <none>
Parent: TempFiles
Size alloc: 0
Size data: 0
Date C: 2012-08-10 10:43
Date A: 2012-08-10 10:43
Date M: 2012-08-10 10:43
Date R: 2012-08-10 10:43
Data Streams:
Name: <unnamed>
Flags: None
Size alloc: 28672
Size data: 25976
Size init: 25976
Size vcn: 7
Data runs:
    7 @ 573741
Amount potentially recoverable 0%
________________________________________

File is resident, therefore recoverable.
File is 100% recoverable
MFT Record 132887
Type: File
Date: 2012-02-03 16:35
Filename: (2) CAVSHE~3.LAN
File Flags: <none>
Parent: TEMPFI~1
Size alloc: 0
Size data: 0
Date C: 2012-08-10 10:43
Date A: 2012-08-10 10:43
Date M: 2012-08-10 10:43
Date R: 2012-08-10 10:43
Filename: (1) cavshell.greek.lang
File Flags: <none>
Parent: TempFiles
Size alloc: 0
Size data: 0
Date C: 2012-08-10 10:43
Date A: 2012-08-10 10:43
Date M: 2012-08-10 10:43
Date R: 2012-08-10 10:43
Data Streams:
Name: <unnamed>
Flags: Resident

Size alloc: 0
Size data: 340
Size init: 0
Size vcn: 0
Data runs:
    None
Amount potentially recoverable 100%
________________________________________

MFT Record 193890
Type: Directory
Date: 1970-01-01 01:00
Metadata may span more than one MFT record
Filename: (1) a88203c5831df77ae060d14f2bd14310
File Flags: <none>
Parent: Download
Size alloc: 0
Size data: 0
Date C: 2012-07-30 22:16
Date A: 2012-07-30 22:16
Date M: 2012-07-30 22:16
Date R: 2012-07-30 22:16
Data Streams:
________________________________________

File is resident, therefore recoverable.
File is 100% recoverable
MFT Record 194816
Type: File
Date: 2012-02-23 15:17
Filename: (3) index11e.dat
File Flags: <none>
Parent: NativeImages_v4.0.30319_32
Size alloc: 0
Size data: 0
Date C: 2012-02-23 15:17
Date A: 2012-02-23 15:17
Date M: 2012-02-23 15:17
Date R: 2012-02-23 15:17
Data Streams:
Name: <unnamed>
Flags: Resident

Size alloc: 0
Size data: 0
Size init: 0
Size vcn: 0
Data runs:
    None
Amount potentially recoverable 100%
________________________________________

File has no data streams.
MFT Record 222974
Type: File
Date: 1970-01-01 01:00
Metadata may span more than one MFT record
Data Streams:
________________________________________

File has no data streams.
MFT Record 222975
Type: File
Date: 1970-01-01 01:00
Metadata may span more than one MFT record
Data Streams:
________________________________________


Files with potentially recoverable content: 1203

Inode    Flags  %age  Date           Size  Filename
---------------------------------------------------------------
16       F..!     0%  1970-01-01         0  <none>
493      FR..   100%  2012-08-09         0  EtwRTEventLog-Application.etl
26343    FN.!     0%  1970-01-01         0  <none>
42598    D...     0%  2012-08-09         0  usgthrsvc
68075    FN..   100%  2012-08-10      2576  avevtdb.dbe-journal
72127    FN..     0%  2012-02-03     25976  cfpconfg.chinese.lang
132887   FR..   100%  2012-02-03       340  cavshell.greek.lang
193890   D..!     0%  1970-01-01         0  a88203c5831df77ae060d14f2bd14310
194229   D...     0%  2012-07-31         0  locale
194816   FR..   100%  2012-02-23         0  index11e.dat
222974   F..!     0%  1970-01-01         0  <none>
222975   F..!     0%  1970-01-01         0  <none>

Files with potentially recoverable content: 1203

Reply to:

References:
- usare un parametro in pipe.
  - From: Gollum1 <gollum1.smeagol1@gmail.com>
- Re: usare un parametro in pipe.
  - From: Lorenzo Sutton <lorenzofsutton@gmail.com>

Prev by Date: Re: apcupsd via rete
Next by Date: Re: usare un parametro in pipe.
Previous by thread: Re: usare un parametro in pipe.
Next by thread: sysrescueCD
Index(es):
- Date
- Thread