Thanks for all the replies, none of them seemed to work for me though! Anyway I got it working using the below commands. BUT my question to the forensics guru's is will using the losetup and mke2fs effect the integrity of the dd image, I notice the inodes table gets updated... Is this a problem? I notice when I do a df -h from the source and destination (once mounted) I get different values? [root@fanta /root]# losetup /dev/loop0 hda5.bs1024.dd [root@fanta /root]# mke2fs /dev/loop0 1024 mke2fs 1.18, 11-Nov-1999 for EXT2 FS 0.5b, 95/08/09 Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) 128 inodes, 1024 blocks 51 blocks (4.98%) reserved for the super user First data block=1 1 block group 8192 blocks per group, 8192 fragments per group 128 inodes per group Writing inode tables: done Writing superblocks and filesystem accounting information: done [root@fanta /root]# mount -o ro /dev/loop0 /mnt/boot/ [root@fanta /root]# mount /dev/hda5 on / type ext2 (rw) none on /proc type proc (rw) /dev/hda1 on /boot type ext2 (rw) none on /dev/pts type devpts (rw,gid=5,mode=620) /dev/loop0 on /mnt/boot type ext2 (ro) [root@fanta /root]# -----Original Message----- From: Eugen Cocalea [mailto:eugenat_private] Sent: Monday, December 30, 2002 6:16 PM To: Susan Chan Lee Cc: forensicsat_private Subject: Re: unable to mount fs for forensics Hi, I tried the same process as you did. I got first a failure and then, moving to a different machine and repeating the process, success. first machine (failure) - RedHat Linux 7.1 - kernel 2.4.5 (pretty fancy optioned) - fileutils 4.0.36 - mount-2.11b second machine (success) - RedHat Linux 7.2 - kernel 2.4.8 - fileutils 4.1 - mount-2.11g trying mount -o loop image.dd /mountpoint -vv I get: mount: going to use the loop device /dev/loop3 set_loop(/dev/loop3,ttt/image2.dd,0): success mount: setup loop device successfully EXT2-fs: loop(7,3): couldn't mount because of unsupported optional features (4).del_loop(/dev/loop3): success mount: wrong fs type, bad option, bad superblock on /dev/loop3, or too many mounted file systems so loop is no problem, i suppose that either defaults option of mount are a problem or dd. -- Eugen Cocalea || eugenat_private ex - Network Administrator @ isratech.ro|| Phone: +40 232 219992 Cell: +40 723 605070 On Dec 27, 2002, 1:59pm, Susan Chan Lee wrote: |SCL|Hi All |SCL| |SCL|Having some problems mounting a filesystem which I imaged using dd |SCL|for forensic testing. The below is what I am doing with little |SCL|success: |SCL| |SCL|1. dd the partition in question by - dd if=/dev/hda1 |SCL|of=/forensics/images/hda1.dd 2. create a mount point - mkdir |SCL|/mnt/boot 3. mounting the dd'ed fs with no success (tried a few |SCL|variations): |SCL| |SCL|# mount -o ro,loop,nodev,noexec forensics/images/hda1.dd mnt/boot |SCL|mount: wrong fs type, bad option, bad superblock on /dev/loop0, |SCL| or too many mounted file systems |SCL| |SCL|# mount -o ro,loop=/dev/loop1 forensics/images/hda1.dd /mnt/boot |SCL|mount: wrong fs type, bad option, bad superblock on /dev/loop1, |SCL| or too many mounted file systems |SCL| |SCL|As you can see I keep getting this wrong fs type error on both |SCL|loop0 and loop1. |SCL| |SCL|Any help appreciated. |SCL| |SCL|Thanks |SCL|Susan |SCL| |SCL| |SCL| |SCL|----------------------------------------------------------------- |SCL|This list is provided by the SecurityFocus ARIS analyzer service. |SCL|For more information on this free incident handling, management and |SCL|tracking system please see: http://aris.securityfocus.com |SCL| ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Dec 30 2002 - 08:06:01 PST