Adam Bell
asked on
How to recover data from mysql 5.x
Hello
I have been tasked with trying to recover data from a legacy service win2003/mysql5.4. the server file system has been damaged by ransomware, specifically Dragon4444, possibly MBR and/or individual file damage.
So I am guessing its more of a data recovery job, so if it proves possible to recover files from the mysql directory, does anyone know of a way to attempt to restore even the text contents? structure if possible. Or try to reconstruct on a spare machine ?
All passwords available.
thanks in advance
thanks in advance
I have been tasked with trying to recover data from a legacy service win2003/mysql5.4. the server file system has been damaged by ransomware, specifically Dragon4444, possibly MBR and/or individual file damage.
So I am guessing its more of a data recovery job, so if it proves possible to recover files from the mysql directory, does anyone know of a way to attempt to restore even the text contents? structure if possible. Or try to reconstruct on a spare machine ?
All passwords available.
thanks in advance
thanks in advance
if the file is encrypted then there is nothing you can do except replace it from a backup.
ASKER
Thanks David. Dragon4444 is part ransomware which I was able to clean. And part cryptovirus. It seems it has encrypted quite a lot of data but may have been interrupted before it could get to the mysql directory. i plan to block the disk and try and access the mysql directory.
if successful I am think about how to handle any recovered files - maybe a fresh install of same version mysql and try to replace the schema and data from the damaged server.
Open to any possible method that has a fighting chance as the backups were encrypted before it could be interrupted.
thanks
if successful I am think about how to handle any recovered files - maybe a fresh install of same version mysql and try to replace the schema and data from the damaged server.
Open to any possible method that has a fighting chance as the backups were encrypted before it could be interrupted.
thanks
you can copy over the .mdf/ldf files and try
It's unlikely you can play any games with your raw MySQL files to recover data.
Either all /var/log/mysql files are encrypted or none are encrypted.
You can easily make this determination by running a simple command...
If both commands fail, then you'll require a full restore, from a backup.
Tip: mysql5.4 is very old. Likely good to upgrade your database also.
Tip: If you have a backup copy of /var/lib/mysql raw data files that are pristine, these can be dropped onto pretty much any version of MariaDB + MariaDB will happily convert them from mysql5.4 to MariaDB-10.3.X (as it's best to use latest MariaDB for in place updates like this).
Either all /var/log/mysql files are encrypted or none are encrypted.
You can easily make this determination by running a simple command...
mysql -u$user -p$pass -e "SHOW DATABASES"
then, for one database...mysql -u$user -p$pass -e "SHOW TABLES" $dbname
If both commands fail, then you'll require a full restore, from a backup.
Tip: mysql5.4 is very old. Likely good to upgrade your database also.
Tip: If you have a backup copy of /var/lib/mysql raw data files that are pristine, these can be dropped onto pretty much any version of MariaDB + MariaDB will happily convert them from mysql5.4 to MariaDB-10.3.X (as it's best to use latest MariaDB for in place updates like this).
ASKER
thanks to both, will test.
Another dirt simple trick you can use, if you have the strings command available.
Just run strings on one of your database files + if any human readable text displays.
Good luck!
Just run strings on one of your database files + if any human readable text displays.
Good luck!
If the database is still accessible: make an export using mysqldump....
if the database is not accessible for mysql ==> you need your backups.
if the database is not accessible for mysql ==> you need your backups.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'd go on step further, regards skullnobrains comment.
Since you're running MySQL, just offload your database to a Linux machine... either short term or long term...
The continue working with to recover other files used by Windows.
Since you're running MySQL, just offload your database to a Linux machine... either short term or long term...
The continue working with to recover other files used by Windows.
ASKER
spot on, thank you
You're welcome!
Good luck!
Good luck!