[sleuthkit-users] OSX success!
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] OSX success!
|
From: J B <je...@ad...> - 2006-04-18 17:18:27
|
I'm very impressed by TSK's performance on my ibook. I recently upgraded it to panther 10.3, as high as my hardware can = handle. Previously, I was using linux and had wiped os9 off long ago. Firewire mass storage driver found my Tableau Write Blocker and put the = HD icon on my desktop. I dd'd the whole drive to image.dd. taking a look at the boot sector showed me that there was an ontrack = manager at the beginning, so, unlike most fat disks, OSX couldn't show = me this one. =20 I found the filesystem using sigfind 126 sectors in. I dd'd starting at = 126 to the end for a new "image126.dd" The problem arised when I wanted to mount the image.. no loop device = block devices in /dev... The mac disk utility can mount a filesystem image, but requires that it = have the ext .dmg. =20 Renamed to image126.dmg, mounted like a horse. Thanks again for writing the book _File System Forensic Analysis_, = Brian. -JB |
