Le mer 24/07/2002 à 20:38, saliskorat_private a écrit : > Is there any value to mounting and analysing a linux swap partition ? You don't want to mount it, since that would mean that the kernel would page stuff out and overwrite it. You can't mount it RO either since it's pointless for swap. Consider the swap partition as a large binary file, which will contain chunks of the memory space (data mostly) of process that were running when the machine was stopped. You *might* find something but it's not very likely; you could use strings(1) on it for example. But it's not likely you'd find something because the swap is basically not used until the system really has to (id est: is running out of physical memory), and even then, it tries (depending on which vm subsystem you're using) to write to disk only the stuff that's not used the most. ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 31 2002 - 07:42:20 PDT