by Daniel Ridge, newt (at) scyld (dot) com
Platforms: Linux
Categories: Auditing, Forensics, Linux, System Security Management
Version: 1.0.17
The Linux kernel includes a powerful, filesystem-independent mechanism for mapping logical files onto the sectors they occupy on disk. While this interface is nominally available to allow the kernel to efficiently retrieve disk pages for open files or running programs, an obscure user-space interface does exist. This interface can be handily subverted (with bmap and friends) to perform a variety of functions interesting to the computer forensics community, the computer security community, and the high-performance computing community.

