3

I have a dump file in my system that has confidential data in it. I tried using the filefrag command to open it. The output is:

    root@sateesh935-SVE15115ENB:/home/sateesh935/Desktop/g3# filefrag -v dump
    Filesystem type is: ef53
    File size of dump is 267894784 (65404 blocks, blocksize 4096)
     ext logical physical expected length flags
       0       0  3328000            6144
       1    6144  3500032  3334144  32768
       2   38912  3532800           26492 eof
    dump: 2 extents found

What does the above output indicate? How can I get the data from the dump file?

I will tell you the whole procedure which I have done.

  1. First I got the dump.enc file.

  2. To extract the data from that I used the following command.

    openssl enc -d -aes-256-cbc -in dump.enc -out dumpL

    It is encrypted with AES-256; for that I used a key and I extracted the file.

  3. Now I got the dumpL file in which some data is there.

  4. But I don't know how to see the data in that file.

Kevin Bowen
str4n63r

1 Answer

0

You have a file called dump. It's split into two parts. As per the manpage, "filefrag reports on how badly fragmented a particular file might be. It makes allowances for indirect blocks for ext2 and ext3 filesystems, but can be used on files for any filesystem." If you're expecting it to do something else, you're doing it wrong.

Of course, without knowing what or where 'dump' is from, we can't tell very much. EF53 is a 'magic' number that refers to EXT2/3 and 4, and is the filesystem that the hard drive the dump is on is using. You cannot extract any other useful information other than that.
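An added example (not part of the original answer): a small awk-based summary of the `filefrag -v` output from the question, showing that the table only describes where the file's blocks sit on disk and that the extent lengths add up to the reported file size. The function name `summarize_extents` is hypothetical, and the parser assumes the older column layout shown in the question.

```shell
#!/bin/sh
# Added example: summarise `filefrag -v` output in the older column layout
# shown in the question (ext, logical, physical, [expected], length, [flags]).

# Output copied from the question. The "expected" column is blank on the
# first row and on rows that start exactly where the previous extent ended.
SAMPLE='Filesystem type is: ef53
File size of dump is 267894784 (65404 blocks, blocksize 4096)
ext logical physical expected length flags
0 0 3328000 6144
1 6144 3500032 3334144 32768
2 38912 3532800 26492 eof
dump: 2 extents found'

# summarize_extents (hypothetical helper name): reads filefrag -v text on stdin.
summarize_extents() {
    awk '
    /blocksize/ {
        # Header line: pick up the byte size and the filesystem block size.
        for (i = 1; i < NF; i++) {
            if ($i == "is")        { size = $(i + 1) + 0 }
            if ($i == "blocksize") { bs = $(i + 1); gsub(/[^0-9]/, "", bs); bs += 0 }
        }
        next
    }
    $1 ~ /^[0-9]+$/ && NF >= 4 {
        # With 5 numeric columns the 4th is "expected" and the 5th is length.
        len  = ($5 ~ /^[0-9]+$/) ? $5 : $4
        phys = $3 + 0
        # A new on-disk run starts when this extent is not adjacent to the last.
        if (rows == 0 || phys != prev_end) runs++
        prev_end = phys + len
        blocks += len
        rows++
    }
    END {
        # The last block may be partly used, so check size falls inside it.
        printf "rows=%d runs=%d blocks=%d bytes=%d covers_file=%s\n",
               rows, runs, blocks, blocks * bs,
               (blocks * bs >= size && (blocks - 1) * bs < size) ? "yes" : "no"
    }'
}

printf '%s\n' "$SAMPLE" | summarize_extents
```

Rows 1 and 2 are physically adjacent (3500032 + 32768 = 3532800), which is why three table rows are reported as two extents.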