Difference between pages "Mounting Disk Images" and "SNARL"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (Category:Howtos)
 
(Created page with "{{Deprecated Software}} {{expand}} {{Infobox_Software | name = Penguin Sleuthkit | maintainer = Dave Bullock | os = {{FreeBSD}} | genre = {{Live CD}} | license...")
 
Line 1: Line 1:
= FreeBSD =
+
{{Deprecated Software}}
  
To mount a disk image on [[FreeBSD]]:
+
{{expand}}
  
First attach the image to unit #1:
+
{{Infobox_Software |
   # mdconfig -a -t vnode -f /big3/project/images/img/67.img -u 1
+
   name = Penguin Sleuthkit |
 +
  maintainer = [[Dave Bullock]] |
 +
  os = {{FreeBSD}} |
 +
  genre = {{Live CD}} |
 +
  license = {{GPL}}, others |
 +
  website = http://sourceforge.net/projects/snarl/ |
 +
}}
  
Then mount:
+
A [[FreeBSD]] based [[Live CD]] that includes Autopsy and Sleuth Kit.
  # mount -t msdos /dev/md1s1 /mnt
+
  
  # ls /mnt
+
== External Links ==
  BOOTLOG.PRV    BOOTLOG.TXT    COMMAND.COM    IO.SYS          MSDOS.SYS
+
* [http://sourceforge.net/projects/snarl/ Project site]
 
+
To unmount:
+
 
+
  # umount /mnt
+
  # mdconfig -d -u 1
+
 
+
To mount the image read-only, use:
+
 
+
  # mdconfig -o readonly -a -t vnode -f /big3/project/images/img/67.img -u 1
+
  # mount -o ro -t msdos /dev/md1s1 /mnt
+
 
+
= Linux =
+
 
+
==To mount a disk image on [[Linux]]==
+
 
+
 
+
 
+
# mount -t vfat -o loop=/dev/loop0,ro,noexec img.dd /mnt
+
-or-
+
# mount -t vfat -o loop=/dev/loop/0,ro,noexec img.dd /mnt
+
 
+
The '''''ro''''' is for read-only.
+
 
+
This will mount NSRL ISOs:
+
 
+
  # mount /home/simsong/RDS_218_A.iso /mnt/nsrl -t iso9660 -o loop=/dev/loop3,ro,noexec
+
 
+
 
+
Some raw images contains multiple partitions (full HD image). In this case, it's necessary to specify a starting offset for each partition.
+
 
+
# mount -t vfat -o loop=/dev/loop0,offset=32256,ro,noexec img.dd /mnt/tmp_1
+
# mount -t vfat -o loop=/dev/loop1,offset=20974464000,ro,noexec img.dd /mnt/tmp_2
+
 
+
 
+
'''Note: You may need to say /dev/loop/0 instead of /dev/loop0 on some systems'''
+
 
+
==To unmount==
+
 
+
# umount /mnt
+
 
+
[[Category:Howtos]]
+

Latest revision as of 05:29, 28 July 2012

40px-Ambox warning pn.png

This tool is deprecated.
The tool that this page describes is deprecated and is no longer under active development.
Further information might be found on the discussion page.

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Penguin Sleuthkit
Maintainer: Dave Bullock
OS: FreeBSD
Genre: Live CD
License: GPL, others
Website: http://sourceforge.net/projects/snarl/

A FreeBSD based Live CD that includes Autopsy and Sleuth Kit.

External Links