Forensics
Linux, dd, and image file Apr 01 2003 04:31PM
Sabol, Paul (PSABOL mgmmirage com) (6 replies)
Re: Linux, dd, and image file Apr 03 2003 04:31PM
Paul Hoyt Nelson (pnelson thumper lerc nasa gov)
Paul,

Regarding the partition offsets; Here is information on an enhanced
loopback driver that understands partition tables and allows per
partition manipulation:

ftp://ftp.hq.nasa.gov/pub/ig/ccd/enhanced_loopback/

Once an imaged is associated with a loop device, such as /dev/loopa,
the individual partitions are referenced just like physical
partitions, ie /dev/loopa1, /dev/loopa2, etc...

Paul
------------------------------------------------------------------------
----
TI Paul Hoyt Nelson Paul.Nelson (at) Grc.NASA (dot) GOV [email concealed]
Computer Crimes Division 216.433.9747 (voice)
Office of the Inspector General 800.759.8255 PIN 1630358 (pager)
National Aeronautics and Space Administration 216.433.3597 (STU III)
------------------------------------------------------------------------
----

On Tue, Apr 01, 2003 at 08:31:10AM -0800, Sabol, Paul wrote:
> I have been trying to mount an NTFS image file based on a procedure I had
> for mounting floppy disk images and viewing them read only.
>
> Basically, I md5 the original drive, make a working directory on my Linux
> drive, and then 'dd if=/dev/hdc of=testing.bin conv=notrunc,noerror,sync".
> I then make a /mnt/windows directory to be used as the mount point and chmod
> 777 this directory.
>
> The binary file is created fine, and the md5 hash of the file is the same as
> the original drive. But here is where I get stuck.
>
> I do the following:
>
> # losetup /dev/loop0 testing.bin
> # mount -r -t ntfs /dev/loop0 /mnt/windows
>
> It keeps telling me:
>
> mount: wrong fs type, bad option, bad superblock on /dev/loop0,
> or too many mounted file systems
>
> I am sure there are not too many mounted file systems, and I am sure the
> original drive from which the dd came was NTFS. I have ntfs compiled in the
> kernel. I'm using Red Hat 8.0 for this.
>
> Anyone have any ideas, or is what I am attempting even possible?
>
>
>
> Paul G. Sabol
>
>
> -----------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

[ reply ]
Re: Linux, dd, and image file Apr 02 2003 12:25PM
Jesse Kornblum (jesse kornblum ogn af mil)
Re: Linux, dd, and image file Apr 02 2003 09:02AM
Birger Toedtmann (btoedtmann exp-math uni-essen de)
Re: Linux, dd, and image file Apr 02 2003 06:19AM
Grega Bremec (gregab gbsoft org) (1 replies)
Re: Linux, dd, and image file Apr 02 2003 03:28PM
Brian Carrier (carrier cerias purdue edu) (1 replies)
Re: Linux, dd, and image file Apr 02 2003 04:35PM
Volker Tanger (volker tanger discon de)
Re: Linux, dd, and image file Apr 02 2003 04:29AM
crazytrain (subscribe crazytrain com)
Re: Linux, dd, and image file Apr 02 2003 03:30AM
Luis Gomez (lgomez infoemergencias com)


 

Privacy Statement
Copyright 2010, SecurityFocus