Old 05-07-2014, 04:58 PM   #1
MichaelStein
LQ Newbie
 
Registered: Apr 2014
Posts: 14

Cannot determine partition type


Hi there,

I have been trying to learn sleuthkit forensic tools from https://sysforensics.org/2012/02/. I downloaded some iso images to practice on from here: http://www.dftt.org/test14/. It's called iso-dirtree.iso.

However when I try:

Code:
mmls /home/sansforensics/Desktop/Images/iso-dirtree.iso
it responds:

Code:
Cannot determine partition type.
What does it mean that it cannot determine the partition type? Also, how can I fix this?

I am VERY new to this, and it would really help if someone explained this to me.
Thanks in advance
 
Old 05-07-2014, 05:06 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Just because it has a ".iso" extension doesn't mean it IS an iso image. What happens if you run "file /home/sansforensics/Desktop/Images/iso-dirtree.iso" as compared to when you run the "file" command against other .iso files you downloaded?
 
Old 05-07-2014, 05:16 PM   #3
MichaelStein
LQ Newbie
 
Registered: Apr 2014
Posts: 14

Original Poster
Quote:
Originally Posted by MensaWater
Just because it has a ".iso" extension doesn't mean it IS an iso image. What happens if you run "file /home/sansforensics/Desktop/Images/iso-dirtree.iso" as compared to when you run the "file" command against other .iso files you downloaded?
Ok, I tried your suggestion. This is what I got:

Code:
/home/sansforensics/Desktop/Images/iso-dirtree1.iso: broken symbolic link to `/home/sansforensics/Desktop/Images/iso-dirtree1.iso'
Then I tried it on another .iso file and I got the following:

Code:
sansforensics@siftworkstation:~$ file ~/Downloads/Image.iso
/home/sansforensics/Downloads/Image.iso: # ISO 9660 CD-ROM filesystem data '1806_06052014
Also, what do you mean when you say "just because it has an .iso extension doesn't mean it is an iso image"? What else could it be?
 
Old 05-07-2014, 11:53 PM   #4
AndyDP
LQ Newbie
 
Registered: Mar 2007
Location: New York, NY
Distribution: Debian basis, Suse, StartOS
Posts: 21

Renaming a file

Quote:
Also, what do you mean when you say "just because it has an .iso extension doesn't mean it is an iso image"? What else could it be?
One can incorrectly add a meaningless file extension by renaming a file.

The only way the description (ie: file extension) is valid is if the file acts like, and is composed of the correct elements, in a useful order.

If the file does not act like an .iso, it can't function as one.
 
Old 05-08-2014, 01:48 AM   #5
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,104

Quote:
Originally Posted by MichaelStein
Also, what do you mean when you say "just because it has an .iso extension doesn't mean it is an iso image"? What else could it be?
In the MS Windows world the extension has meaning because it is used to specify the type of the file. In the unix/linux world that extension is not used to determine anything, therefore you are allowed to modify it as you like. So the extension .iso may mean that it is a disk image, but may not mean that. (You can even rename an executable or an excel sheet to anything.iso) - you are allowed to follow any kind of convention to name your files. To identify a file type in linux you need to use the command file. See man file about the usage.
 
Old 05-08-2014, 08:46 AM   #6
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Quote:
Originally Posted by MichaelStein
Code:
/home/sansforensics/Desktop/Images/iso-dirtree1.iso: broken symbolic link to `/home/sansforensics/Desktop/Images/iso-dirtree1.iso'
Then I tried it on another .iso file and I got the following:

Code:
sansforensics@siftworkstation:~$ file ~/Downloads/Image.iso
/home/sansforensics/Downloads/Image.iso: # ISO 9660 CD-ROM filesystem data '1806_06052014
Also, what do you mean when you say "just because it has an .iso extension doesn't mean it is an iso image"? What else could it be?
OK your first file isn't actually an iso - it says it is a broken link but it shows it is linked to itself which is odd.


The broken link should be removed with "rm /home/sansforensics/Desktop/Images/iso-dirtree1.iso". You can then redownload the iso and try again.


As others have already noted my comment about its name not necessarily proving its purpose is because UNIX/Linux names can be pretty much anything you want. Ideally the extensions people put on names are indicative of what type of file they are but it isn't always the case. In fact you could name a file with multiple dots and/or extensions longer than 3 characters because they aren't truly extensions in the DOS/Windows sense but rather just characters in a file name. In fact you can even use spaces in file names but don't really want to because then you have to remember to put quotes in the reference. So you could create a file with the touch command:
touch "this here file name has spaces and it has.dots.to.confuse.people_and_I_end_it_in_.sh_to_annoy_others.sh"
If you then ran:
ls -l this
You'd not see the file because that isn't its name.
ls -l this* would show it.
ls -l "this here file name has spaces and it has.dots.to.confuse.people_and_I_end_it_in_.sh_to_annoy_others.sh" would of course also show it.

Last edited by MensaWater; 05-08-2014 at 09:03 AM.
 
Old 05-08-2014, 02:17 PM   #7
MichaelStein
LQ Newbie
 
Registered: Apr 2014
Posts: 14

Original Poster
@MensaWater

Thanks for responding.

So if I understand you correctly, Linux is unable to identify what type of file it is (just based on its extension)?

The difficulty I am having understanding this is that how does Linux ever identify what type of file it is? Is there something more internal to the file itself than just the extension?
 
Old 05-08-2014, 03:27 PM   #8
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Linux DID identify the file type. It was a symbolic link. It further told you it was a "broken" link. The output you gave suggests it is broken because it is linked to itself. Possibly removing the file would remove the link on top of the "real" file and you'd see the real file but that isn't guaranteed. Since broken link isn't helping doing the remove would be a good start.

The "file" command looks for "magic number" and/or other details (e.g. permissions on a file) to determine what kind of file it is. (That is to say an ascii file with only read/write permissions has no "magic number" so it will tell you it is "ascii" or "txt" but the same file with execute permissions it might suggest to you is a shell executable (on the theory that you'd not put execute on simple text files).)

What "file" does NOT do is assume your file is an iso (or a tar or a shell script) just because it is named with .iso (or .tar or .sh). Putting those suffixes on files is done by "convention" not by "requirement". It is perfectly valid to call all your iso files with NO extension or with a .billybob extension or any other suffix you'd like to put on them.

If you type "man file" it will give you details on how the "file" command works.

Note that "file" will NOT always tell you exactly what you have but it is a good starting point in trying to verify that you have what you think you do.

Another clue comes from the "ls" command. Doing "ls -l" on the file you have with .iso will show you more details about it including permissions, owner, group AND what it is linked to. For symbolic links running "ls -lL" will show you those details for the file it is linked to instead of the link file.

For example on RHEL systems the /etc/init.d directory where init (startup/shutdown) scripts live is actually a symbolic link:
ls -l /etc/init.d
lrwxrwxrwx. 1 root root 11 Mar 9 2011 /etc/init.d -> rc.d/init.d
The "l" shows the type is a symbolic link, the rwxrwxrwx shows it is read/write/execute for owner, group and everyone. The "root root" shows it is owned by root and grouped to root. The "->" shows that it is linked to rc.d/init.d (and since that doesn't start with "/" you know it is relative to /etc so it is linked to /etc/rc.d/init.d).

If you then do ls -lL /etc/init.d you get different output which is a list of files in rc.d/init.d (because it turns out that is a directory rather than just a file). You can add the "-d" flag to ls to make it show the permissions on a directory instead of showing you its contents:
ls -lLd /etc/init.d shows:
drwxr-xr-x. 2 root root 4096 Apr 22 07:55 /etc/init.d
Which is the same as you'd get doing the ls on the linked directory:
ls -lLd /etc/rc.d/init.d
drwxr-xr-x. 2 root root 4096 Apr 22 07:55 /etc/rc.d/init.d
The d at the start of both of those shows it is a directory. The rwxr-xr-x shows read/write/execute for owner, but only read/execute for group and everyone else. (For directories the "x" doesn't make them executable but instead allows access to items in the directory.)
 
Old 05-08-2014, 03:35 PM   #9
yancek
LQ Guru
 
Registered: Apr 2008
Distribution: PCLinux, Slackware
Posts: 6,869

pan64 explained above. Use the file command. The details of how this works behind the scenes might be explained by someone but not myself as I have no idea. In a terminal do: touch junk.iso. This creates a file by that name and if you run: find junk.iso you will get:

Quote:
junk.iso: empty
The reason it shows "empty" is because it is. I then open it in a text editor and type a short line and save it and re-run the command:

file junk.iso and get the following output:

Quote:
junk.iso: ASCII text, with no line terminators
On a file named file HD2.pdf, if I run file HD2.pdf I get:

Quote:
HD2.pdf: PDF document, version 1.5
That would be how you determine the file type. Behind the scenes what it does is briefly explained at the site below and if you do an online search I am sure you will find more detailed information:

http://www.linfo.org/file_command.html
 
Old 05-09-2014, 01:18 AM   #10
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,104

Quote:
Originally Posted by MichaelStein
@MensaWater

Thanks for responding.

So if I understand you correctly, Linux is unable to identify what type of file it is (just based on its extension)?

The difficulty I am having understanding this is that how does Linux ever identify what type of file it is? Is there something more internal to the file itself than just the extension?
Yes, the file command itself tries to analyze the file you want to identify. It has a built-in algorithm and a database to recognize different kinds of file types - based on the content and not on its extension. It will not be able to detect everything, just the ones which are known by that internal database.
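
Added example (not part of any post in this thread): a shell function that performs the checks the replies describe, classifying a would-be image by link status and on-disk signature instead of by its `.iso` name. The function names, sample files and classification labels are assumptions made for this illustration; the offsets are the standard ISO 9660, GPT and MBR signature positions.

```sh
#!/bin/sh
# Classify a would-be disk image by content, not by file name.
# Signatures checked: ISO 9660 "CD001" at byte 32769, GPT "EFI PART" at
# byte 512, MBR/boot-sector bytes 55 AA at byte 510.

# hex_at FILE OFFSET COUNT -> lowercase hex of COUNT bytes starting at OFFSET
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# triage_image PATH -> prints one classification label (labels are hypothetical)
triage_image() {
    f=$1
    # -L tests the link itself; -e follows it, so a dangling or looping link fails -e
    if [ -L "$f" ] && [ ! -e "$f" ]; then echo broken-symlink; return; fi
    if [ ! -f "$f" ]; then echo not-a-regular-file; return; fi
    if [ ! -s "$f" ]; then echo empty; return; fi
    if [ "$(hex_at "$f" 32769 5)" = "4344303031" ]; then echo iso9660; return; fi
    if [ "$(hex_at "$f" 512 8)" = "4546492050415254" ]; then echo gpt; return; fi
    if [ "$(hex_at "$f" 510 2)" = "55aa" ]; then echo mbr-signature; return; fi
    echo unknown
}

# make_samples DIR -> constructed sample files (not real evidence images)
make_samples() {
    d=$1
    ln -s "$d/loop.iso" "$d/loop.iso"        # symlink that points at itself
    : > "$d/junk.iso"                        # empty file, as created by touch
    printf 'just text' > "$d/text.iso"       # text file carrying an .iso name
    printf 'CD001' | dd of="$d/real.iso" bs=1 seek=32769 2>/dev/null
    printf '\125\252' | dd of="$d/disk.img" bs=1 seek=510 2>/dev/null  # 0x55 0xAA
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    for n in loop.iso junk.iso text.iso real.iso disk.img; do
        printf '%-10s %s\n' "$n" "$(triage_image "$tmp/$n")"
    done
    rm -rf "$tmp"
}
demo
```

Only a partition-table signature (MBR or GPT) gives mmls a volume system to list; a bare ISO 9660 file system image has none, and file system tools such as fsstat or fls apply to it directly.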
 
  

