Try searching for the hex string "fd1701308201130201010420".
In old wallet files, a 32 byte sequence following the above string will be your private key.
Does this look right?
grep -i -a -B10 -A100 --binary --text --perl-regexp 'fd1701308201130201010420' /dev/sda1
Doing some research I just read a blog that says wallet encryption was not until version 0.4.0 on September 23, 2011?
If that is correct does that mean the wallet.dat before that date are plain text or still Berkerely DB? If it is in Berkerely DB would that mean I could retrieve the entire wallet including all keys by simply using db_dump.py on a found wallet.dat file?
thx