05-31-2012, 09:53 PM
|
#1
|
LQ Newbie
Registered: May 2012
Posts: 11
Rep:
|
Viewing a copy made using dd
I am a newbie when it comes to Linux. I am currently taking a class and my assignment was to download a file, evidence1.dd, and make a copy onto a flash drive using dd. I successfully made the copy and verified the hashes are the same. I set up the drive.
sudo dd if=/dev/zero of=/dev/sdb bs=8192
sudo dd if=evidence1.dd of=/dev/sdb1 bs=8192
sudo dd if=/dev/sdb1 of=sweeney.case01.dd bs=8192
sudo sha1sum /dev/sdb1 sweeney.case01.dd
My question is how do I view the files on the flash drive? I am sure it's simple to most of you. Like I said, I am new and I have been trying to figure it out on my own, but I could use some help. Thanks in advance.
|
|
|
05-31-2012, 10:08 PM
|
#2
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Hi, welcome to LQ!
There's a few unnecessary steps in there, really, you could have
just copied evidence1.dd to sweeney.case01.dd using
cp evidence1.dd sweeney.case01.dd
And then you could use mounting the image via loopback to see
the files in/on the image.
From man mount
Code:
THE LOOP DEVICE
One further possible type is a mount via the loop device. For example, the command
mount /tmp/fdimage /mnt -t vfat -o loop=/dev/loop3
will set up the loop device /dev/loop3 to correspond to the file /tmp/fdimage, and then mount this device on /mnt.
This type of mount knows about four options, namely loop, offset, sizelimit and encryption, that are really options to losetup(8).
If the mount requires a passphrase, you will be prompted for one unless you specify a file descriptor to read from instead with the
--pass-fd option. (These options can be used in addition to those specific to the filesystem type.)
If no explicit loop device is mentioned (but just an option `-o loop' is given), then mount will try to find some unused loop device
and use that.
Since Linux 2.6.25 is supported auto-destruction of loop devices and then any loop device allocated by mount will be freed by umount
independently on /etc/mtab.
You can also free a loop device by hand, using `losetup -d' or `umount -d`.
Cheers,
Tink
|
|
1 members found this post helpful.
|
05-31-2012, 11:13 PM
|
#3
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
Tinkster,
I tried your solution and the results were:
sudo mount /dev/sda /mnt -t vfat -o loop=/dev/loop3
[sudo] password for liam:
mount: wrong fs type, bad option, bad superblock on /dev/loop3,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
|
|
|
06-01-2012, 12:00 AM
|
#4
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
That's not "my solution", that's reading material that's meant to give you
an idea of how one goes about mounting a loop-back device, quoting mount's
man pages.
What you want to do is something like this:
sudo mount sweeney.case01.dd /mnt/ -t vfat -o loop=/dev/loop3
which may or may not work ... depending on whether mount is in use
in other ways.
You may want to create a separate mount-point instead, e.g.:
sudo mkdir /mnt/loop3
and then
sudo mount sweeney.case01.dd /mnt/loop3 -t vfat -o loop=/dev/loop3
If the first step fails w/ an error don't run the second.
Cheers,
Tink
|
|
1 members found this post helpful.
|
06-01-2012, 12:31 AM
|
#5
|
LQ 5k Club
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,449
|
Quote:
sudo dd if=/dev/zero of=/dev/sdb bs=8192
|
The above command has blanked the entire flash drive including track 0 that contains the partition table. If that was not your intention, then you will need to reformat the flash drive.
Perhaps you intended to merely blank the first partition, in which case the command is:
Code:
sudo dd if=/dev/zero of=/dev/sdb1 bs=8192
This is correct if evidence1.dd is a partition image.
Quote:
sudo dd if=evidence1.dd of=/dev/sdb1 bs=8192
|
If evidence1.dd contains a dd image that includes track 0 information, then the command should be
Code:
sudo dd if=evidence1.dd of=/dev/sdb bs=8192
Quote:
sudo mount /dev/sda /mnt -t vfat -o loop=/dev/loop3
|
Your flash drive device is /dev/sdb and not /dev/sda.
If evidence1.dd is a partition image on /dev/sdb1 then
Code:
sudo mount /dev/sdb1 /mnt -o loop
You should not need to specify the type, as mount can determine this.
If evidence1.dd contains track 0 information, then you will need an offset option (typically offset=32256 where 32256=63 sectors times 512 bytes/sector).
Code:
sudo mount /dev/sdb /mnt -o loop,offset=32256
|
|
2 members found this post helpful.
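The distinction drawn in the post above (a partition image versus an image that includes track 0, and the offset=32256 arithmetic), as an added example that is not part of the thread: it reads sector 0 of an image and derives the loop-mount options. The function names, the FAT boot-sector heuristic, the constructed sample sectors and the `ro` option (added because the image is evidence) are assumptions of this example.

```python
import struct

SECTOR = 512  # bytes per sector, as in the post's 63 * 512 arithmetic

def looks_like_fat_boot_sector(sec: bytes) -> bool:
    """Heuristic (assumption): x86 jump opcode plus a sane BIOS Parameter Block."""
    bytes_per_sector = struct.unpack_from("<H", sec, 11)[0]
    return (sec[0] in (0xEB, 0xE9)
            and bytes_per_sector in (512, 1024, 2048, 4096)
            and sec[13] in (1, 2, 4, 8, 16, 32, 64, 128)  # sectors per cluster
            and sec[16] in (1, 2))                        # number of FATs

def partition_offsets(sec: bytes) -> list:
    """Return [(index, type, byte_offset, byte_size)] from the MBR table."""
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature in sector 0")
    if looks_like_fat_boot_sector(sec):
        return []  # bare filesystem (partition/floppy image): no offset needed
    found = []
    for i in range(4):  # four 16-byte primary entries start at byte 446
        entry = sec[446 + 16 * i: 462 + 16 * i]
        start_lba, n_sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and n_sectors != 0:  # entry[4] is the partition type
            found.append((i + 1, entry[4], start_lba * SECTOR, n_sectors * SECTOR))
    return found

def mount_options(sec: bytes) -> list:
    """One '-o' option string per mountable region, always read-only."""
    parts = partition_offsets(sec)
    if not parts:
        return ["ro,loop"]
    return [f"ro,loop,offset={off},sizelimit={size}" for _, _, off, size in parts]

def sample_mbr() -> bytes:
    """Constructed sector 0: one FAT16 partition (type 0x06) starting at LBA 63."""
    sec = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", sec, 446, 0x00, 0x06, 63, 2880)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)

def sample_floppy() -> bytes:
    """Constructed FAT12 boot sector: jump opcode and a minimal BPB."""
    sec = bytearray(SECTOR)
    sec[0:3] = b"\xeb\x3c\x90"
    struct.pack_into("<HBHB", sec, 11, 512, 1, 1, 2)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)
```

For a real image, pass its first 512 bytes (for example `open("sweeney.case01.dd", "rb").read(512)`) and use each returned string as `sudo mount -o <options> image mountpoint`. Extended (0x05, 0x0F) and GPT-protective (0xEE) entries are reported as ordinary entries and are not walked.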
|
06-01-2012, 12:36 AM
|
#6
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
Thanks for the help. This time I put
sudo mkdir /mnt/loop3
sudo mount sweeney.case01.dd /mnt/loop3 -t vfat -o loop=/dev/loop3
It is mounted now, so thank you. For some reason I thought I would be able to see and open the files. Like I said, I am new to Linux, so thanks for your patience.
I did run
sudo xxd sweeney.case01.dd | less
and the result was "this is not a bootable disk. please insert a bootable floppy and press any key."
From this I was able to identify 4 txt files and 4 jpeg files, which is all I needed to know for this part of my class. I just wanted to view the files and jpeg for my own curiosity and still do.
|
|
|
06-01-2012, 12:53 AM
|
#7
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally Posted by liamtsw
Thanks for the help. This time I put
sudo mkdir /mnt/loop3
sudo mount sweeney.case01.dd /mnt/loop3 -t vfat -o loop=/dev/loop3
It is mounted now, so thank you. For some reason I thought I would be able to see and open the files. Like I said, I am new to Linux, so thanks for your patience.
I did run
sudo xxd sweeney.case01.dd | less
and the result was "this is not a bootable disk. please insert a bootable floppy and press any key."
From this I was able to identify 4 txt files and 4 jpeg files, which is all I needed to know for this part of my class. I just wanted to view the files and jpeg for my own curiosity and still do.
|
If you describe your working environment (cli, gui) you may yet be able to.
If you see the files as such you should be able to view them.
cd /mnt/loop3
less textfile_to_view
|
|
1 members found this post helpful.
|
06-01-2012, 08:39 AM
|
#8
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
Thanks for all your help. I learned a lot. I was able to open the files; unfortunately they were all in binary. I really do appreciate your time and patience.
|
|
|
06-01-2012, 10:45 AM
|
#9
|
LQ Guru
Registered: May 2005
Location: boston, usa
Distribution: fedora-35
Posts: 5,326
|
what is evidence1.dd ? please run and share the results with us.
|
|
|
06-01-2012, 11:40 AM
|
#10
|
Moderator
Registered: Mar 2008
Posts: 22,130
|
I got really confused in all of this.
Why didn't you dd the file to a flash drive?
What did you mean you verified the hashes? How did you do that?
|
|
|
06-01-2012, 01:00 PM
|
#11
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
I ran evidence1.dd and
evidence1.dd: DOS floppy 1440k, x86 hard disk boot sector
I did image onto a flash drive, jefro. Sorry for the confusion. I am taking a digital forensics class online and I'm out of my element. This was my first assignment, so I will have more questions. The assignment was simple: download a file, evidence1.dd, and make an image onto the flash drive. Then I was to verify the image by comparing the hashes. I used sudo sha1sum /dev/sdb1 sweeney.case01.dd, and it showed me the original file I downloaded and the image were an exact copy; nothing had been changed. I also have to type up reports of my findings. The assignment did not call for me to view the contents of the files. I was curious and wanted to know how to do this, so I joined this forum and posted a question. That's basically it. Thanks for everyone's patience with me; I know it can be frustrating at times because of my lack of Linux experience.
|
|
|