If file is deleted but there's at least one fd, it can be accessed by /proc/$pid/fd/$fd.
It's possible to get all info as if it's just a regular file. Even some GUI apps can open files from there.
But what can I do if deleted file is only mentioned in memory mappings(/proc/$pid/maps)? It's possible to get device, inode and contents of mapped part. But is there a way to get full file size, mtime, ctime and contents of nonmapped parts?
Mapped files are accessible though /proc/$pid/map_files/. Root permissions are required to read the contents.