|
I cant mount NTFS file system... please help..
I am trying to mount my NTFS drives in Linux using NTFS-3g. But an error message is displayed when mounting starts.""[FATAL: Module fuse not found.
NTFS signature is missing. Failed to mount '/dev/sda1': Invalid argument The device '/dev/sda1' doesn't seem to have a valid NTFS. Maybe the wrong device is used? Or the whole disk instead of a partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around?]"" anybody help me.... |
Please provide exact command used. Also useful to know is the distro that you're using.
|
We need some additional information to solve this issue. First tell us which linux distribution are you running on (you can also add this information in your LQ profile, so that it will be displayed in the left panel of every post). Then can you post the output of the following command (as root):
Code:
fdisk -lThe problem is that you miss the fuse module loaded into your running kernel - as the error message clearly states. However, without knowing which distro are you running it's quite difficult to give further help. |
Hi guys, running 9.10 Ubuntu, I am mounting a dd image of an entire HDD
Code:
sudo fdisk -l tbg1.imgCode:
sudo mount ./tbg1.img /media/test/ |
If it is an image that you are mounting then you should consider dropping -t ntfs option from the command. You are not mounting any file system. You should use this option when you are mounting a partition that has been formatted as NTFS.
|
am... yes I did that, and:
Code:
sudo mount -o loop ./tbg1.img /media/testThe disk is a win 2000K disk which was bootable and I ddied to the image file. This is shown when I do the fdisk -l command. |
ntfs-3g is a good solution for NTFS. i mean i used that one long time ago without problems, only problem is a CPU load when reading/writing on that drives(i run rtorrent which seeds at 10mbit/s, so CPU usage at time i used ntfs was around 10% by ntfs-3g driver). but i don't think something may fix that(re-writing perhaps or removing ntfs ;) )
to mount NTFS partition after installation, run mount with option -t ntfs-3g it shall work. ubuntu users can use apt-get install ntfs-3g ntfsprogs and do the same. vol_id util is a useful thing too to get information about partition, ex: Code:
root@srvr:~# vol_id /dev/sdb1 |
thanks but no.
I have tried ntfs-3g, and one more try: Code:
rp@mrp-desktop:/media/usb/My Documents/2009/Work/vm$ sudo mount -o loop -t ntfs-3g ./tbg1.img /media/testI just want to analyse the image it is for forensic purposes so CPU cycles are not an issue, just image integrity but I am working on a copy anyhow. |
i believe .img is your previous NTFS partition image. it should first be placed onto HDD then mounted as partition... written or mounted. not really sure how to do it, didn't work with dd-created disk images(only backuped/restored USB that way once). correct me if i'm wrong.
|
web you silly russian... LOL sorry, it is late. No it is not a previous partition image. It is a hdd image yes. I could have called it anything, it is just a bit by bit copy of the entire HDD into a file. What you say makes sense, I could copy it back to a drive using dd, but I don't want to do that, I just want to mount the image file and do some analysis on it, in particular grokevt and reglookup.
Does anybody know how if I can copy the image onto a bigger drive? ie the image is 110GB and the smallest drive I have is 500GB? Any further ideas on mounting the .img file as a drive? And why am I getting the NTFS signature missing when I try to mount even though it is identified as NTFS by fdisk. Is it something to do with: Quote:
|
First you have to carve your disk image into partition images i.e. extract the partitons from the image. If you know your partition start and ending sections you can use dd to do it. For example if the partition you are interested in starts at block 163 and ends at block 264, the following will carve out that partition
Code:
dd if=disk.img bs=512 skip=163 count=101 of=partition.img |
thx. I did
Code:
dd if=./tbg1.img |hexdump -C|lessCode:
rp@mrp-desktop:/media/try$ sudo mmls ./TBG1/tbg1.imgCode:
sudo dd if=./TBG1/tbg1.img bs=512 skip=63 count=0234356157 of=/media/usb/tbg1_partition.imgWould love some help understanding the dd | hexdump of the raw image. |
If you run "file <image_file>" it may list start and end of the partitions on the disk. You can also run "fdisk -lu <image_file>" to list the partitions. The -u option uses 512 byte blocks which will prevent rounding errors.
You will probably find that the first partition is on block 63. Knowing the offset, you can use the "losetup" command to create a loop device for a partition inside the image file. sudo /sbin/losetup -fs <image_file> -o $((512*<starting_block>)) eg. sudo /sbin/losetup -fs <image_file> -o $((512*63)) The loop device created will be printed, eg: loop0 Now you can use the "file" command again to verify the last step worked and determine the filesystem: sudo file -s /dev/loop0 Next you can mount it: sudo mount -t ntfs /dev/loop0 /mnt There is no need to cut out the partition, unless your purpose is to restore a partition from a disk image. You can simply copy files after mounting it. You can even make changes now, deleting or adding files. |
guess that is why you are a moderator. Exactly what I was looking for and it worked perfectly. I have stopped the "extraction" since the image is 110GB it would have taken for ever and I need to get this report out this afternoon.
All it took in the end was the creation of the loop device with the losetup command. Thanks! |
hey....install the following 4 rpms...
dkms-2.0.20.4-1* dkms-fuse.2.7.4-1* fuse-2.7.4-1* fuse-ntfs-3g-2009.4.4-1* rpms it will be solved |
| All times are GMT -5. The time now is 09:12 PM. |