I am a newbie when it comes to Linux. I am currently taking a class and my assignment was to download a file, evidence1.dd, and make a copy onto a flash drive using dd. I successfully made the copy and verified the hashes are the same. I set up the drive.
My question is how do I view the files on the flash drive? I am sure it's simple to most of you. Like I said I am new and I have been trying to figure it out on my own but I could use some help. Thanks in advance.
There's a few unnecessary steps in there, really, you could have just copied evidence1.dd to sweeney.case01.dd using
cp evidence1.dd sweeney.case01.dd
And then you could use mounting the image via loopback to see the files in/on the image.
From man mount
THE LOOP DEVICE
One further possible type is a mount via the loop device. For example, the command
mount /tmp/fdimage /mnt -t vfat -o loop=/dev/loop3
will set up the loop device /dev/loop3 to correspond to the file /tmp/fdimage, and then mount this device on /mnt.
This type of mount knows about four options, namely loop, offset, sizelimit and encryption, that are really options to losetup(8).
If the mount requires a passphrase, you will be prompted for one unless you specify a file descriptor to read from instead with the --pass-fd option. (These options can be used in addition to those specific to the filesystem type.)
If no explicit loop device is mentioned (but just an option `-o loop' is given), then mount will try to find some unused loop device and use that.
Since Linux 2.6.25 is supported auto-destruction of loop devices and then any loop device allocated by mount will be freed by umount independently on /etc/mtab.
You can also free a loop device by hand, using `losetup -d' or `umount -d'.
The above command has blanked the entire flash drive including track 0 that contains the partition table. If that was not your intention, then you will need to reformat the flash drive.
Perhaps you intended to merely blank the first partition, in which case the command is:
sudo dd if=/dev/zero of=/dev/sdb1 bs=8192
This is correct if evidence1.dd is a partition image.
sudo dd if=evidence1.dd of=/dev/sdb1 bs=8192
If evidence1.dd contains a dd image that includes track 0 information, then the command should be
sudo dd if=evidence1.dd of=/dev/sdb bs=8192
sudo mount /dev/sda /mnt -t vfat -o loop=/dev/loop3
Your flash drive device is /dev/sdb and not /dev/sda
If evidence1.dd is a partition image on /dev/sdb1 then
sudo mount /dev/sdb1 /mnt -o loop
You should not need to specify the type, as mount can determine this.
If evidence1.dd contains track 0 information, then you will need an offset option (typically offset=32256 where 32256=63 sectors times 512 bytes/sector).
evidence1.dd: DOS floppy 1440k, x86 hard disk boot sector
I did image onto a flash drive, jefro. Sorry for the confusion. I am taking a digital forensics class online and I'm out of my element. This was my first assignment, so I will have more questions. The assignment was simple: download a file, evidence1.dd, and make an image onto the flash drive. Then I was to verify the image by comparing the hashes. I used sudo sha1sum /dev/sdb1 sweeney.case01.dd; it showed me the original file I downloaded and the image were an exact copy, nothing had been changed. I also have to type up reports of my findings. The assignment did not call for me to view the contents of the files; I was curious and wanted to know how to do this, so I joined this forum and posted a question. That's basically it. Thanks for everyone's patience with me; I know it can be frustrating at times because of my lack of Linux experience.
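An added example (not part of any post in this thread) that works through the offset question discussed above: it inspects sector 0 of a dd image and prints a read-only loop mount command, using offset 0 for a bare FAT partition or floppy image and start LBA times 512 for an MBR disk image. The function names, the ro option and the sample images are assumptions constructed for illustration; 512-byte sectors are assumed, as in the 63 x 512 figure.

```shell
SECTOR=512  # assumption: 512-byte sectors, as in the thread's 63 * 512 figure

# hex_at FILE OFFSET COUNT: COUNT bytes at OFFSET as one lowercase hex string.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# fs_offset IMAGE: byte offset of the first filesystem inside a dd image.
# Prints 0 for a bare FAT partition/floppy image, or start LBA * SECTOR when
# sector 0 is an MBR. Exits non-zero if neither layout is recognised.
fs_offset() (
    [ "$(hex_at "$1" 510 2)" = "55aa" ] || { echo "no 55AA boot signature" >&2; exit 1; }
    # A FAT boot sector carries "FAT" in its type label (offset 54, or 82 for FAT32).
    if [ "$(hex_at "$1" 54 3)" = "464154" ] || [ "$(hex_at "$1" 82 3)" = "464154" ]; then
        echo 0; exit 0
    fi
    # MBR: first partition entry at byte 446, start LBA at +8, little-endian.
    set -- $(dd if="$1" bs=1 skip=454 count=4 2>/dev/null | od -An -v -tu1)
    lba=$(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 ))
    [ "$lba" -gt 0 ] || { echo "first partition entry is empty" >&2; exit 1; }
    echo $(( lba * SECTOR ))
)

# mount_cmd IMAGE MOUNTPOINT: print (not run) a read-only loop mount command.
mount_cmd() {
    off=$(fs_offset "$1") || return 1
    echo "sudo mount -o ro,loop,offset=$off $1 $2"
}

# Constructed sample images (not the class's evidence1.dd): one blank sector
# patched with just the fields fs_offset reads.
put() { printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null; }
make_sample() {  # make_sample FILE disk|fat
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    put "$1" 510 '\125\252'                       # 0x55 0xAA boot signature
    if [ "$2" = disk ]; then put "$1" 454 '\077'  # start LBA 63
    else put "$1" 54 'FAT12   '; fi               # FAT type label
}

tmp=$(mktemp -d)
make_sample "$tmp/disk.dd" disk; make_sample "$tmp/fat.dd" fat
mount_cmd "$tmp/disk.dd" /mnt   # offset=32256
mount_cmd "$tmp/fat.dd" /mnt    # offset=0
rm -rf "$tmp"
```

Hashing the image again with sha1sum after umount checks that viewing it did not alter it.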