"grep: memory exhausted" error on large partition

grep partition data-recovery out-of-memory
6,637

The grep program reads a line at a time into memory. A line is defined as everything after one newline character and up to the next one. With binary data, there could be a very large space without any newlines.

You could try using grep -z. This tells grep to treat null bytes as the input record separator instead of newlines. Extremely large chunks of binary data are less likely to contain no null byte than no newline. In practice, the most likely chunk of data with no newline is a long sequence of null bytes in an area of the disk that's never been written to yet. Large amounts of text data containing no null bytes are likely to not be so large as to exhaust memory. Another benefit of grep -z is that the output will contain whole blocks (typically 1–4kB) of text, not just one line.

Instead of grep, you could try a dedicated utility such as PhotoRec (part of TestDisk). Despite the name, it isn't limited to photos. These utilities know the filesystem structure, so they can sometimes recover a deleted file that spanned multiple non-consecutive blocks.

Of course there's never any guarantee that you will be able to recover old data. It may have been overwritten.

Share:
6,637

Related videos on Youtube

plokijuh
Author by

plokijuh

Updated on September 18, 2022

Comments

  • plokijuh
    plokijuh almost 2 years

    I was editing a text file with my notes on linux commands when I noticed a big chunk of it was missing (copy without paste, probably). The problem is that I already saved the document. (And this is a simple editor, so no hidden copies)

    Now I found a number of blog posts (this one inparticular for instance), which show how you can easily search through a partion for text strings using grep:

    $ sudo grep -a -C100 'sudo lshw -c' /dev/sdb2 > file.txt

    But I get this after a while:

    grep: memory exhausted

    I understand from this answer that it is about grep reading lines bigger than memory, so I guess I need similar code but without find.

    It is 2 TB NTFS partition on a 3 TB harddisc.

    • mikeserv
      mikeserv about 9 years
      Try strings | grep, maybe. And there's always fold or cut or, - as I usually prefer, dd cbs="$length" conv=unblock <blkdev | grep

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

recovering ext4 partition after dd'ing over start of HD
Restoring a big partition to a smaller partition with Clonezilla
How to recover the partition table (Windows, Ubuntu) of an unallocated disc?
Use testdisk and gpart information to mount ext4 partition
mount: wrong fs type, bad option, bad superblock on /dev/sdb on CentOS 6.0
How to recover data from a corrupted ext3 partition?
Accidentally deleted the partitions on my boot disk. The system is still running. How can I recover?
mount: wrong fs type, bad option, bad superblock on /dev/sdb on CentOS 6.0
How to clone a NTFS partition (WinXP) from a damaged disk to a new one?
How do I find the offset of an ext4 filesystem?