LinuxQuestions.org
Old 05-31-2012, 10:53 PM   #1
liamtsw
LQ Newbie
 
Registered: May 2012
Posts: 11

Rep: Reputation: Disabled
Viewing a copy made using dd


I am a newbie when it comes to Linux. I am currently taking a class and my assignment was to download a file, evidence1.dd, and make a copy onto a flash drive using dd. I successfully made the copy and verified the hashes are the same. I set up the drive.


sudo dd if=/dev/zero of=/dev/sdb bs=8192
sudo dd if=evidence1.dd of=/dev/sdb1 bs=8192
sudo dd if=/dev/sdb1 of=sweeney.case01.dd bs=8192
sudo sha1sum /dev/sdb1 sweeney.case01.dd

My question is how do I view the files on the flash drive? I am sure it's simple to most of you. Like I said I am new and I have been trying to figure it out on my own but I could use some help. Thanks in advance.
 
Old 05-31-2012, 11:08 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Hi, welcome to LQ!

There's a few unnecessary steps in there, really, you could have
just copied evidence1.dd to sweeney.case01.dd using
cp evidence1.dd sweeney.case01.dd

And then you could use mounting the image via loopback to see
the files in/on the image.

From man mount
Code:
THE LOOP DEVICE
       One further possible type is a mount via the loop device. For example, the command

         mount /tmp/fdimage /mnt -t vfat -o loop=/dev/loop3

       will set up the loop device /dev/loop3 to correspond to the file /tmp/fdimage, and then mount this device on /mnt.

       This type of mount knows about four options, namely loop, offset, sizelimit and encryption, that are really options  to  losetup(8).
       If  the mount requires a passphrase, you will be prompted for one unless you specify a file descriptor to read from instead with the
       --pass-fd option.  (These options can be used in addition to those specific to the filesystem type.)

       If no explicit loop device is mentioned (but just an option `-o loop' is given), then mount will try to find some unused loop device
       and use that.

       Since Linux 2.6.25 is supported auto-destruction of loop devices and then any loop device allocated by mount will be freed by umount
       independently on /etc/mtab.

       You can also free a loop device by hand, using `losetup -d' or `umount -d`.

Cheers,
Tink
 
1 members found this post helpful.
Old 06-01-2012, 12:13 AM   #3
liamtsw
LQ Newbie
 
Registered: May 2012
Posts: 11

Original Poster
Rep: Reputation: Disabled
Tinkster,
I tried your solution and the results were:


sudo mount /dev/sda /mnt -t vfat -o loop=/dev/loop3
[sudo] password for liam:

mount: wrong fs type, bad option, bad superblock on /dev/loop3,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
 
Old 06-01-2012, 01:00 AM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
That's not "my solution", that's reading material that's meant to give you
an idea of how one goes about mounting a loop-back device, quoting mount's
man pages.


What you want to do is something like this:
sudo mount sweeney.case01.dd /mnt/ -t vfat -o loop=/dev/loop3
which may or may not work ... depending on whether mount is in use
in other ways.

You may want to create a separate mount-point instead, e.g.:
sudo mkdir /mnt/loop3
and then
sudo mount sweeney.case01.dd /mnt/loop3 -t vfat -o loop=/dev/loop3


If the first step fails w/ an error don't run the second.

Cheers,
Tink
 
1 members found this post helpful.
Old 06-01-2012, 01:31 AM   #5
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,433

Rep: Reputation: 1353
Quote:
sudo dd if=/dev/zero of=/dev/sdb bs=8192
The above command has blanked the entire flash drive including track 0 that contains the partition table. If that was not your intention, then you will need to reformat the flash drive.
Perhaps you intended to merely blank the first partition, in which case the command is:
Code:
sudo dd if=/dev/zero of=/dev/sdb1 bs=8192
This is correct if evidence1.dd is a partition image.
Quote:
sudo dd if=evidence1.dd of=/dev/sdb1 bs=8192
If evidence1.dd contains a dd image that includes track 0 information, then the command should be
Code:
sudo dd if=evidence1.dd of=/dev/sdb bs=8192
Quote:
sudo mount /dev/sda /mnt -t vfat -o loop=/dev/loop3
Your flash drive device is /dev/sdb and not /dev/sda

If evidence1.dd is a partition image on /dev/sdb1 then
Code:
sudo mount /dev/sdb1 /mnt -o loop
You should not need to specify the type, as mount can determine this.
If evidence1.dd contains track 0 information, then you will need an offset option (typically offset=32256 where 32256=63 sectors times 512 bytes/sector).
Code:
sudo mount /dev/sdb /mnt -o loop,offset=32256
 
2 members found this post helpful.
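
The offset discussed above depends on what the image actually holds: a bare filesystem starts at byte 0, while an image that includes a partition table starts at the first partition's LBA times the sector size. The script below is an added example, not part of the thread; it assumes 512-byte sectors and a classic MBR, its function names are made up for illustration, and it prints a read-only mount command so the image is not modified.

```shell
#!/bin/sh
# Added example (not from the thread): locate the filesystem in a raw dd image.
# Assumes 512-byte sectors and a classic MBR; function names are illustrative.

# byte_at FILE OFFSET -> decimal value of the byte at OFFSET (empty if past EOF)
byte_at() {
    dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tu1 | tr -d ' \n'
}

# le32_at FILE OFFSET -> decimal value of a little-endian 32-bit field
le32_at() {
    b0=$(byte_at "$1" "$2");          b1=$(byte_at "$1" $(($2 + 1)))
    b2=$(byte_at "$1" $(($2 + 2)));   b3=$(byte_at "$1" $(($2 + 3)))
    echo $((b0 + b1 * 256 + b2 * 65536 + b3 * 16777216))
}

# fs_offset IMAGE -> byte offset for mount's offset= option
fs_offset() {
    # An MBR and a FAT boot sector both end with 0x55 0xAA at bytes 510-511.
    if [ "$(byte_at "$1" 510)" != 85 ] || [ "$(byte_at "$1" 511)" != 170 ]; then
        echo "no boot sector signature in $1" >&2; return 1
    fi
    # Heuristic: a FAT boot sector opens with a jump (0xEB or 0xE9) and stores
    # bytes-per-sector at offset 11, so the filesystem starts at byte 0.
    first=$(byte_at "$1" 0)
    bps=$(( $(byte_at "$1" 11) + $(byte_at "$1" 12) * 256 ))
    if [ "$bps" -eq 512 ] && { [ "$first" -eq 235 ] || [ "$first" -eq 233 ]; }; then
        echo 0; return 0
    fi
    # Otherwise read sector 0 as an MBR: the first partition entry sits at byte
    # 446 and its starting LBA is the 32-bit field 8 bytes into the entry.
    lba=$(le32_at "$1" 454)
    if [ "$lba" -eq 0 ]; then
        echo "first partition entry is empty in $1" >&2; return 1
    fi
    echo $((lba * 512))
}

# mount_cmd IMAGE MOUNTPOINT -> the read-only loop mount command to run
mount_cmd() {
    off=$(fs_offset "$1") || return 1
    echo "sudo mount -o ro,loop,offset=$off $1 $2"
}
```

For a partition starting at sector 63 this yields offset=32256, the value quoted in the post above; for a floppy image it yields 0.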
Old 06-01-2012, 01:36 AM   #6
liamtsw
LQ Newbie
 
Registered: May 2012
Posts: 11

Original Poster
Rep: Reputation: Disabled
Thanks for the help. This time I put

sudo mkdir /mnt/loop3
sudo mount sweeney.case01.dd /mnt/loop3 -t vfat -o loop=/dev/loop3



It is mounted now so thank you, for some reason I thought I would be able to see and open the files. Like I said I am new to Linux so thanks for your patience.
I did run

sudo xxd sweeney.case01.dd | less

and the result was this is not a bootable disk. please insert a bootable floppy and press any key.

From this I was able to identify 4 txt files and 4 jpeg files, which is all I needed to know for this part of my class. I just wanted to view the files and jpeg for my own curiosity and still do.
 
Old 06-01-2012, 01:53 AM   #7
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Quote:
Originally Posted by liamtsw
Thanks for the help. This time I put

sudo mkdir /mnt/loop3
sudo mount sweeney.case01.dd /mnt/loop3 -t vfat -o loop=/dev/loop3



It is mounted now so thank you, for some reason I thought I would be able to see and open the files. Like I said I am new to Linux so thanks for your patience.
I did run

sudo xxd sweeney.case01.dd | less

and the result was this is not a bootable disk. please insert a bootable floppy and press any key.


From this I was able to identify 4 txt files and 4 jpeg files, which is all I needed to know for this part of my class. I just wanted to view the files and jpeg for my own curiosity and still do.
If you describe your working environment (cli, gui) you may yet be able to.

If you see the files as such you should be able to view them.

cd /mnt/loop3
less textfile_to_view
 
1 members found this post helpful.
Old 06-01-2012, 09:39 AM   #8
liamtsw
LQ Newbie
 
Registered: May 2012
Posts: 11

Original Poster
Rep: Reputation: Disabled
Thanks for all your help. I learned a lot. I was able to open the files; unfortunately they were all in binary. I really do appreciate your time and patience.
 
Old 06-01-2012, 11:45 AM   #9
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 5,028

Rep: Reputation: 845
what is evidence1.dd ? please run
Code:
file evidence1.dd
and share the results with us.
 
Old 06-01-2012, 12:40 PM   #10
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,394

Rep: Reputation: 2207
I got really confused in all of this.

Why didn't you dd the file to a flash drive?

What did you mean you verified the hashes? How did you do that?
 
Old 06-01-2012, 02:00 PM   #11
liamtsw
LQ Newbie
 
Registered: May 2012
Posts: 11

Original Poster
Rep: Reputation: Disabled
I ran evidence1.dd and

evidence1.dd: DOS floppy 1440k, x86 hard disk boot sector

I did image onto a flash drive, jefro. Sorry for the confusion. I am taking a digital forensics class online and I'm out of my element. This was my first assignment, so I will have more questions. The assignment was simple: download a file, evidence1.dd, and make an image onto the flash drive. Then I was to verify the image by comparing the hashes. I used sudo sha1sum /dev/sdb1 sweeney.case01.dd; it showed me the original file I downloaded and the image were an exact copy, nothing had been changed. I also have to type up reports of my findings. The assignment did not call for me to view the contents of the files; I was curious and wanted to know how to do this, so I joined this forum and posted a question. That's basically it. Thanks for everyone's patience with me; I know it can be frustrating at times because of my lack of Linux experience.
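
The sha1sum command in this thread compares /dev/sdb1 with the copy read back from it. The added example below (not part of the thread; function names are illustrative) also ties a target back to the downloaded original by hashing only as many bytes as the original holds, and reports whether the rest of the target is still zero-filled after the wipe step.

```shell
#!/bin/sh
# Added example (not from the thread): verify a device or read-back copy
# against the original image, even when the target is larger than the image.

# sha1_prefix FILE NBYTES -> SHA-1 of the first NBYTES bytes of FILE
sha1_prefix() {
    head -c "$2" "$1" | sha1sum | cut -d' ' -f1
}

# slack_nonzero FILE NBYTES -> count of non-zero bytes after the first NBYTES
slack_nonzero() {
    tail -c +"$(($2 + 1))" "$1" | tr -d '\000' | wc -c | tr -d ' '
}

# verify_copy ORIGINAL TARGET -> prints the verdict, returns 0 only on a match
verify_copy() {
    size=$(wc -c < "$1" | tr -d ' ')
    want=$(sha1_prefix "$1" "$size")
    got=$(sha1_prefix "$2" "$size")
    if [ "$want" != "$got" ]; then
        echo "MISMATCH original=$want target=$got"; return 1
    fi
    echo "MATCH bytes=$size sha1=$want slack_nonzero=$(slack_nonzero "$2" "$size")"
}
```

With the thread's file names this would be run as verify_copy evidence1.dd /dev/sdb1 (under sudo) and again as verify_copy evidence1.dd sweeney.case01.dd.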
 
  

