Unix was first developed in the 1970’s at the Bell Labs research centre, to provide a multitasking, multiuser computer operating system. Originally intended for internal use, Unix was soon licenced by AT&T for academic and commercial use to vendors such as the University of California, Berkeley (BSD,) Microsoft (Xenix,) IBM (AIX) and Sun Microsystems (SunOS/Solaris.)
The Unix philosophy is characterised by a modular design, which presents a set of simple tools, for well-defined functions, with a unified filesystem acting as the main means of communication. There have been many clones of Unix since, with Linux now proving to be more popular for server platforms than the “true” Unix operating systems. Each “true” Unix filesystem is based on the same architecture, making Unix data recovery fairly easy, even for a new variant.
Features of Unix File Systems
Unix file systems are defined by a superblock, which specifies all the parameters required to mount it, using the operating system. The file system itself is split into cylinder groups, each comprised of a backup copy of the superblock, cylinder group header, which defines statistics and free block lists. Each cylinder group defines a set of inodes which are predefined at format time, containing the file and directory attributes. These are followed by the data blocks, used for file storage.
The original Unix file system contained only a single cylinder group, but as disks became larger this caused problems, with the disk performing a large number of seeks, called thrashing. Multiple cylinder groups have helped to lessen this, and thereby speed the file system up. A later addition was to also add journaling to the file system, allowing easy recovery of the file system by the operating system after a crash or power failure.
Unix File System Internal Features
The inodes contain the metadata for the individual files, with allocation data for larger files, requiring the use of indirect allocation blocks. Each block is individually listed, which for larger files is inefficient if those the data blocks are sequential in order.
Directory files, allocate space in which the file names, with their associated inodes are stored. These are the only location where the file name is listed, so the loss of any directory inode or the directory information can have drastic consequences for the file system.
Unix File System Data Recovery
As explained, Unix file systems follow a well-defined architecture, so data recovery from a new file system is relatively simple. It is a matter of encoding the new data structures, in order to produce a new data recovery solution. Unfortunately the nature of the filesystem, means that the loss a directory file, means the loss of the names of the files located in that directory. As long as the inodes and the associated allocation can be found, these files are recoverable, but their original name is lost.
Reformatting a Unix file system results in all the inodes, which are in fixed positions being cleared. This makes a data trawl the only viable option in such cases, by processing the space unused by the system areas of the file system.