Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello, fairly new to the Linux world. I work for a public school and would really appreciate any help, i'm trying to help search a student device with CAINE. I'm trying to pull an image of the drive for analysis, first I'm trying to mount an external USB hard drive 'sdb' with read and write privileges so I can write to it and copy the image with Guymager tool. If i just try to mount with CAINE it automatically write protects anything.
I'm tried first as root user: mkdir /media/forensicA
Then: mount -o rw /dev/sdb /media/forensicA
but i get this error:
"wrong fs type, bad option, bad superblock on /dev/sdb/, missing codepage or helper program, or other error"
i've googled around but nothing specific that helps.
There's a scary thought - a new user let loose on a system using Caine and/or Kali ...
You don't generally (in a non-forensics world) mount devices, you mount partitions. So you probably want to mount /dev/sdb1 - whichever partition has an already formatted filesystem on it big enough for the purpose.
There's a scary thought - a new user let loose on a system using Caine and/or Kali ...
You don't generally (in a non-forensics world) mount devices, you mount partitions. So you probably want to mount /dev/sdb1 - whichever partition has an already formatted filesystem on it big enough for the purpose.
Thanks for the reply! I'm not sure if this info is useful but the student device I'm attempting to image and analyze is Windows 10, NTFS drive/partition.
Doesn't matter - presuming /dev/sdb is the target where you want to write the image. After all the image is just a file. Analyzing it later is a different matter, then you'll need the NTFS tools, but that shouldn't be a problem using what you have.
Plug the external in and run this from a Linux terminal.
Never work on the original filesystem, create a disk dump of it, then make a copy of it, then mount that to work on, to find the problem.
If you mess up, you should have a back up of the disk dump file to work on.
I create mine using dd, (see man dd), then you will need to loop mount the file to access the drive copy, (see man mount).
(You may need to install ntfs3g to acess the files.)
Thanks for the reply! Yes, thats what I'm trying to do, booting from USB live CAINE, then copy HD image to a external USB drive. My challenge is, i have only been able to mount the external drive as 'read only' , thus not allowing copy of HD image.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Mount read write please!
