[sleuthkit-users] RE: sleuthkit-users digest, Vol 1 #175 - 1 msg
From: SecMan <se...@ta...> - 2004-06-30 23:52:46
I had a disk with the same weirdness - it turned out to be a win2k ntfs disk that someone had mounted wrong and written as win98 fat32 - I was able to salvage a little of the original but not much good - If you can get some of the early history - maybe you can rebuild the orig layout.

Sorry - I know that this is not much help.

tc.

-----Original Message-----
From: sle...@li... [mailto:sle...@li...]On Behalf Of sle...@li...
Sent: Thursday, June 17, 2004 11:26 PM
To: sle...@li...
Subject: sleuthkit-users digest, Vol 1 #175 - 1 msg

Today's Topics:

1. Problems Aquiring a Bad Drive (Jason Fuller)

--__--__--

Message: 1
From: "Jason Fuller" <efo...@ho...>
To: sle...@li...
Date: Thu, 17 Jun 2004 13:33:27 -0500
Subject: [sleuthkit-users] Problems Aquiring a Bad Drive

To All:

I am using RH9 with Sleuthkit 1.7 & Autopsy 2.01. I am experiencing problems processing an image. I am imaging a "bad" 30gig drive. (i.e. it will no longer boot into Win98).

Below is the partition that I copied:

---------------------------------------------------------------------------------------------------------
[root@localhost levan]# fdisk -l

Disk /dev/hdb: 30.0 GB, 30020272128 bytes
255 heads, 63 sectors/track, 3649 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1   *         1      3649  29310561    c  Win95 FAT32 (LBA)

[root@localhost levan]# clock ; dcfldd if=/dev/hdb1 of=30gig1.img conv=noerror,sync ; clock
Thu 17 Jun 2004 11:35:44 AM CDT  -0.214746 seconds
dcfldd: reading `/dev/hdb1': Input/output error
0+0 records in
0+0 records out
dcfldd: reading `/dev/hdb1': Input/output error
0+1 records in
1+0 records out
dcfldd: reading `/dev/hdb1': Input/output error
0+2 records in
2+0 records out
dcfldd: reading `/dev/hdb1': Input/output error
0+3 records in
3+0 records out
dcfldd: reading `/dev/hdb1': Input/output error
0+4 records in
4+0 records out
dcfldd: reading `/dev/hdb1': Input/output error
0+5 records in
5+0 records out
dcfldd: reading `/dev/hdb1': Input/output error
0+6 records in
6+0 records out
dcfldd: reading `/dev/hdb1': Input/output error
0+7 records in
7+0 records out
58620928 blocks (28639Mb) written.
58621114+8 records in
58621122+0 records out
Thu 17 Jun 2004 11:58:23 AM CDT  -0.134078 seconds
---------------------------------------------------------------------------------------------------------

When I try to add the image to Autopsy, I receive an error stating that the image is not fat32. This image is win98 fat32. How can I get Autopsy to add the correct image under Fat32, apparently the bad blocks are preventing Autopsy to view the partition properly. I also receive errors when dd'ing the whole /dev/hdb. What do I need to do to correct this problem?

Thank you,
Jason Fuller
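Added example, not part of the original thread: a Python check of the places a FAT32 or NTFS boot sector is conventionally found in an image like the one acquired above (sector 0, the usual FAT32 backup at sector 6, and the last sector, where NTFS keeps its backup copy), covering both the zero-filled sectors that `conv=noerror,sync` leaves behind and the NTFS-overwritten-as-FAT32 case from the reply. It assumes 512-byte sectors; the function names and the sample image are constructed for illustration.

```python
import io

SECTOR = 512  # assumption: 512-byte sectors, as in the fdisk output in the thread

def classify_sector(sec):
    """Label one sector by the markers FAT and NTFS boot sectors carry."""
    if len(sec) < SECTOR:
        return "short read"
    if not any(sec):
        return "all zeros"  # what conv=noerror,sync writes for an unreadable block
    if sec[510:512] != b"\x55\xaa":
        return "no 0x55AA signature"
    if sec[3:11] == b"NTFS    ":       # OEM ID field
        return "NTFS"
    if sec[82:90] == b"FAT32   ":      # FAT32 file system type field
        return "FAT32"
    if sec[54:59] in (b"FAT12", b"FAT16"):
        return "FAT12/16"
    return "signed, unknown type"

def survey(img):
    """Check sector 0, the usual FAT32 backup (sector 6) and the last sector,
    where NTFS conventionally keeps its backup boot sector."""
    img.seek(0, io.SEEK_END)
    last = max(img.tell() // SECTOR - 1, 0)
    report = {}
    for name, n in (("primary", 0), ("fat32_backup", 6), ("last_sector", last)):
        img.seek(n * SECTOR)
        report[name] = classify_sector(img.read(SECTOR))
    return report

def make_sample():
    """Constructed 64-sector image: first 8 sectors zero-filled, NTFS copy at end."""
    ntfs = bytearray(SECTOR)
    ntfs[0:3] = b"\xeb\x52\x90"        # jump instruction
    ntfs[3:11] = b"NTFS    "
    ntfs[510:512] = b"\x55\xaa"
    body = bytearray(b"\xf6" * (64 * SECTOR))  # filler standing in for data
    body[0:8 * SECTOR] = bytes(8 * SECTOR)     # eight zero-padded sectors
    body[63 * SECTOR:] = ntfs
    return io.BytesIO(bytes(body))

if __name__ == "__main__":
    for where, verdict in survey(make_sample()).items():
        print(f"{where:13} {verdict}")
    # On a real image: survey(open("30gig1.img", "rb"))
```

Run it against a working copy of the image, never the evidence file itself; an "all zeros" verdict for sector 0 means the file system tools have no boot sector to parse, whatever the partition table says.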