RE: Linux, dd, and image file

From: Sabol, Paul (PSABOLat_private)
Date: Wed Apr 02 2003 - 13:52:30 PST


    Ah, that got it.  Now that I've stepped back and looked at your comments, it
    makes perfect sense.  Thanks to all for the assist.
    
    -----Original Message-----
    From: Grega Bremec [mailto:gregabat_private]
    Sent: Tuesday, April 01, 2003 10:20 PM
    To: forensicsat_private
    Subject: Re: Linux, dd, and image file
    
    
    ...and on Tue, Apr 01, 2003 at 08:31:10AM -0800, Sabol, Paul used the
    keyboard:
    <snip>
    > Basically, I md5 the original drive, make a working directory on my Linux
    > drive, and then 'dd if=/dev/hdc of=testing.bin conv=notrunc,noerror,sync'.
    > I then make a /mnt/windows directory to be used as the mount point and
    > chmod 777 this directory.
    
    All well and fine, but you've just created an image of the entire hard
    drive, my friend, which is why mount is complaining, as there clearly
    isn't a valid superblock, but instead a master boot record. :)
    
    You should check out the partition table using "fdisk -l /dev/hdc",
    then "dd if=/dev/hdc1 ..." if the NTFS partition is the first and/or
    the only one on that disk, or use the corresponding partition number.
    
    <snip>
    > I do the following:
    > 
    > # losetup /dev/loop0 testing.bin
    > # mount -r -t ntfs /dev/loop0 /mnt/windows
    
    Just a note: the following is also possible and saves you one step:
    
        $ mount -t ntfs -o loop ./testing.bin /mnt/windows
    
    Cheers & good luck,
    -- 
        Grega Bremec
        grega.bremec-at-gbsoft.org
        http://najdi.si/
        http://www.gbsoft.org/
        http://www.noviforum.si/
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
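
Added example, not part of the original messages: a Python sketch of the check behind the explanation above, reading sector 0 of an image to tell a whole-disk image (MBR with a partition table) from a partition image (NTFS boot sector). The 512-byte sector size, the function names and the two sample sectors are assumptions constructed for illustration.

```python
import struct

SECTOR = 512  # assumed logical sector size

def build_sample_disk():
    """Constructed sample: an MBR with one NTFS (type 0x07) entry at LBA 63."""
    mbr = bytearray(SECTOR)
    # Entry layout: boot flag, CHS start, type, CHS end, start LBA, sector count
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                               b"\xfe\xff\xff", 63, 2048)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def build_sample_partition():
    """Constructed sample: first sector of an NTFS volume (OEM ID at offset 3)."""
    boot = bytearray(SECTOR)
    boot[0:3] = b"\xeb\x52\x90"
    boot[3:11] = b"NTFS    "
    boot[510:512] = b"\x55\xaa"
    return bytes(boot)

def classify_sector0(sector):
    """Return ('ntfs', []) for a partition image, ('mbr', parts) for a disk image."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        return "unknown", []
    # Check NTFS first: its boot sector carries the same 0x55AA trailer as an MBR.
    if sector[3:11] == b"NTFS    ":
        return "ntfs", []
    parts = []
    for i in range(4):  # four primary entries of 16 bytes, starting at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        _, _, ptype, _, start_lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype != 0 and count != 0:
            parts.append({"index": i + 1, "type": ptype,
                          "start_lba": start_lba, "sectors": count,
                          "byte_offset": start_lba * SECTOR})
    return ("mbr", parts) if parts else ("unknown", [])

def inspect_image(path):
    """Read only the first sector of an image file, opened read-only."""
    with open(path, "rb") as fh:
        return classify_sector0(fh.read(SECTOR))

if __name__ == "__main__":
    for name, data in (("whole disk", build_sample_disk()),
                       ("partition", build_sample_partition())):
        print(name, classify_sector0(data))
```

For an image like testing.bin, `inspect_image("testing.bin")` returning `"mbr"` means sector 0 is a partition table rather than a filesystem, and each entry's `byte_offset` is where that partition begins inside the image.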
    
    
    
    


