> q> Does anyone know how to recover delete files on NetBSD ? I'm
> looking for something like unrm, but couldn't find one.
> a> You can't undelete (unless you halt the system IMMEDIATELY and do
> forensics that may take days, lots of caffeine and headache pills)
> There are people that make a living out of it... how much is that
> file worth? :)

That's the common wisdom. It turns out it's also outdated. It's way 
easier to undelete files than that after all as long as you get to the 
drive in time, and take a snapshot of it.

After that, all you have to do is follow the instructions in SleuthKit 
for a UFS volume and you can pluck all kinds of interesting things out 
of the drive structure. There's even a GUI for it to streamline the 
process called Autopsy Browser.

Find more info here:

http://www.sleuthkit.org/

... I've downloaded it, compiled it, and used it successfully on NetBSD 
twice now.

> q> How do I prevent losing files then?
> a> Many system administrators employ "trashcan/"trashbin" libraries,
> so they PRELOAD the libraries and they hook the unlink() calls,
> normally moving them to a "trash" directory. A quick browse on your

That would be horrible: files aren't actually deleted when I type "rm 
file"?

P.S. Please reply-to the reply-to: in this note and send only to the 
list.