디스크에서는 데이터를 복구할 수 있지만 동일한 디스크의 이미지에서는 복구할 수 없습니까?

그래서 저는 참가자들이 손상된 디스크의 이미지를 찍고, 설치 과정을 순환하고, 데이터를 복구해야 하는 교육 시나리오를 만들고 있습니다. 이것은 상당히 기본적인 것인데 이상한 문제에 봉착했습니다.

/dev/vdb 드라이브가 있습니다:

[root@training ~]# fdisk -l /dev/vdb

Disk /dev/vdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

먼저 이미지를 촬영하고 이미지와 드라이브의 md5sum이 일치하는지 확인합니다.

[root@disk-training ~]# dd if=/dev/vdb of=/recovery/recovery.img conv=sync,notrunc,noerror
10485760+0 records in
10485760+0 records out
5368709120 bytes (5.4 GB) copied, 64.6406 s, 83.1 MB/s

[root@disk-training ~]# md5sum /dev/vdb
08452c6ca60007e69694e7e96258554d  /dev/vdb

[root@disk-training ~]# md5sum /recovery/recovery.img
08452c6ca60007e69694e7e96258554d  /recovery/recovery.img

다음으로 캐시 혼동이 없는지 확인하기 위해 캐시를 제거합니다.

[root@disk-training ~]# sync; echo 1 > /proc/sys/vm/drop_caches
[root@disk-training ~]# sync; echo 2 > /proc/sys/vm/drop_caches
[root@disk-training ~]# sync; echo 3 > /proc/sys/vm/drop_caches

testdisk를 혼합하여 파티션을 복원하고 fsck를 사용하여 파일 시스템을 복원하면 파일을 검색할 수 있습니다.

[root@disk-training ~]# testdisk /dev/vdb
TestDisk 7.0, Data Recovery Utility, April 2015
Christophe GRENIER <[email protected]>
http://www.cgsecurity.org
You have to reboot for the change to take effect.

[root@disk-training ~]# partprobe /dev/vdb

[root@disk-training ~]# fsck -y /dev/vdb1
fsck from util-linux 2.23.2
e2fsck 1.42.9 (28-Dec-2013)
ext2fs_open2: Bad magic number in super-block
fsck.ext2: Superblock invalid, trying backup blocks...
/dev/vdb1 was not cleanly unmounted, check forced.
Resize inode not valid.  Recreate? yes
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Free blocks count wrong for group #0 (23896, counted=23897).
Fix? yes
Free blocks count wrong for group #1 (32127, counted=32126).
Fix? yes
Free inodes count wrong for group #0 (8181, counted=8180).
Fix? yes
Free inodes count wrong (327669, counted=327668).
Fix? yes
/dev/vdb1: ***** FILE SYSTEM WAS MODIFIED *****
/dev/vdb1: 12/327680 files (0.0% non-contiguous), 58463/1309696 blocks

[root@disk-training ~]# mount /dev/vdb1 /mnt/

[root@disk-training ~]# ls -l /mnt/file
-rw-r--r-- 1 root root 10 Dec 12 15:41 /mnt/file

그래서 모두 좋습니다. 그래서 이미지를 루프 장치로 설정하고 또 다른 md5sum을 수행하여 다음을 확인합니다.

[root@disk-training ~]# losetup /dev/loop0 /recovery/recovery.img

[root@disk-training ~]# md5sum /dev/loop0
08452c6ca60007e69694e7e96258554d  /dev/loop0

이제 동일한 프로세스를 실행하면 성공하지 못합니다.

[root@disk-training ~]# testdisk /dev/loop0
TestDisk 7.0, Data Recovery Utility, April 2015
Christophe GRENIER <[email protected]>
http://www.cgsecurity.org
You have to reboot for the change to take effect.

[root@disk-training ~]# partprobe /dev/loop0

[root@disk-training ~]# fsck -y /dev/loop0p1
fsck from util-linux 2.23.2
e2fsck 1.42.9 (28-Dec-2013)
ext2fs_open2: Bad magic number in super-block
fsck.ext2: Superblock invalid, trying backup blocks...
fsck.ext2: Bad magic number in super-block while trying to open /dev/loop0p1

The superblock could not be read or does not describe a correct ext2
filesystem.  If the device is valid and it really contains an ext2
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
    e2fsck -b 8193 <device>

제가 수행한 몇 가지 기본적인 문제 해결 방법은 다음과 같습니다.

[root@disk-training ~]# dumpe2fs /dev/loop0p1
dumpe2fs 1.42.9 (28-Dec-2013)
dumpe2fs: Bad magic number in super-block while trying to open /dev/loop0p1
Couldn't find valid filesystem superblock.

[root@disk-training ~]# mke2fs -n /dev/loop0p1
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
327680 inodes, 1309696 blocks
65484 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736


[root@disk-training ~]# for i in {32768,98304,163840,229376,294912,819200,884736}; do e2fsck -b $i /dev/loop0p1; done
e2fsck 1.42.9 (28-Dec-2013)
e2fsck: Bad magic number in super-block while trying to open /dev/loop0p1

The superblock could not be read or does not describe a correct ext2
filesystem.  If the device is valid and it really contains an ext2
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
    e2fsck -b 8193 <device>

e2fsck 1.42.9 (28-Dec-2013)
e2fsck: Invalid argument while trying to open /dev/loop0p1

The superblock could not be read or does not describe a correct ext2
filesystem.  If the device is valid and it really contains an ext2

......

나는 이 결과에 매우 혼란스러워서 누군가 나에게 무슨 일이 일어나고 있는지 설명해 줄 수 있는지 궁금합니다.