On Tuesday 12 August 2003 12:06 pm, shrink-wrapat_private wrote:
> In-Reply-To: <MDEOKNCKAOFOENLIJCMJMELGCCAA.Sakabaat_private>
<SNIP>
> a line like should work:
> [root@localhost root]#mount -t ntfs /windowsimage.img /mnt/windisk
> Where windowsimage.img is the file you have dd'ed across to the forensics
> machine and /mnt/windisk is a legit (unmounted) directory on your
> forensics system. If you can't then there might be your answer.

Ummmm...

You need to specify a disk image to use the loopback device in Linux, which means loopback support must be available in the kernel, or as a module - most distribution kernels have this already. A good simple check for this is to see if you have the file /dev/loop0 present.

Your mount command for this is:

mount -t ntfs -o loop /windowsimage.img /mnt/windisk
              ^^^^^^^

F.I.R.E. is good - check out Knoppix! It is a very rich environment for most any task, and loads to a RAMdisk from read-only media. Knoppix is a self-hosting terminal server and offers remote network boot, etc.

http://www.knopper.net/knoppix/index-en.html

There is also a Security/Forensics specialty variant which has been recently established by another author:

http://www.knoppix-std.org

--
Jeremiah Cornelius, CISSP, CCNA, MCSE
Information Security Technology
email: jcorneliat_private - mobile: 415.235.7689

"What would be the use of immortality to a person who cannot use well a half hour?"
--Ralph Waldo Emerson

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
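The loopback mount from the message above, wrapped with the checks an examiner would run around it, as an added example that is not part of the original post. The function names, the `ro,noexec,nodev,nosuid` options and the SHA-256 comparison are assumptions added here; only `-t ntfs -o loop`, the `/dev/loop0` check and the two paths come from the thread.

```shell
#!/bin/sh
# Added example (not from the original post): mount a dd image over the
# loop device read-only and confirm afterwards that the image is unchanged.

# Assumption: "ro" and the no* options are added to the post's "-o loop"
# so that mounting cannot alter the evidence file or run anything from it.
MOUNT_OPTS="ro,loop,noexec,nodev,nosuid"

# Succeeds if loop support is visible: the /dev/loop0 node (the check from
# the post) or a "loop" driver listed in /proc/devices. Both paths can be
# overridden, which keeps the check testable.
loop_supported() {
    dev_node=${1:-/dev/loop0}
    proc_devices=${2:-/proc/devices}
    [ -e "$dev_node" ] && return 0
    [ -r "$proc_devices" ] && grep -Eq '^ *[0-9]+ +loop$' "$proc_devices"
}

# Prints the SHA-256 hex digest of the image file.
image_sha256() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Succeeds only if the image still hashes to the digest recorded earlier.
verify_unchanged() {
    [ "$(image_sha256 "$1")" = "$2" ]
}

# Records the digest, then performs the mount. Needs root.
mount_evidence() {
    image=$1; mnt=$2
    loop_supported || { echo "no loop support (try: modprobe loop)" >&2; return 1; }
    [ -f "$image" ] || { echo "image not found: $image" >&2; return 1; }
    [ -d "$mnt" ] || { echo "mount point missing: $mnt" >&2; return 1; }
    digest=$(image_sha256 "$image") || return 1
    echo "sha256 before mount: $digest"
    mount -t ntfs -o "$MOUNT_OPTS" "$image" "$mnt"
}

# Example: sh thisfile /windowsimage.img /mnt/windisk
if [ "$#" -eq 2 ]; then
    mount_evidence "$1" "$2"
fi
```

After `umount`, `verify_unchanged /windowsimage.img <digest printed earlier>` confirms the image was not altered during examination.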