Re: [sleuthkit-users] DD images for sun
From: <Bri...@kp...> - 2007-01-26 18:08:58
They are straight DD images of each partition of the drive copied across the network. I am using autopsy to perform the analysis, but it does not appear to be able to ascertain the file system... just able to keyword search, checksums and the like.

And no, this is not a critical situation - - - just exploratory on some strange events on the server. Just never had this happen before.

farmer dude <far...@ya...>
01/25/2007 06:45 PM
To: Brian Hanson/PO/KAIPERM@Kaiperm, sle...@li...
cc:
Subject: Re: [sleuthkit-users] DD images for sun

--- Bri...@kp... wrote:

> I have acquired my DD images from a SUN server...

May we know how you made your acquisition? Also, are these physical images (of each disk in the server) or logical images (of each partition/file system/slice)?

> however I am only able
> to perform keyword searches... no data analysis.

Why is this so? Are you limited by the tool(s) you're using or you cannot mount the file system to view logical structure and active files?

> I
> have never performed
> analysis on Sun - - - so I am kind of at a loss
> here.

This is not for a real case, or anything important, then, is it? ;)

> Anyone know what I
> can do in order to access the file system, time
> sequencing, etc?

You obviously don't need to mount a file system to analyze the contents. Mounting it may make it easier to view and see things, though.

What is the disk layout and the file system type(s) for each slice/partition? You will need to specify the ufs type to the Linux mount command. You could use SMART for Linux as well. Finally, there is my CD, THE FARMER'S BOOT CD.

I know each of these supports UFS types and enables you to mount Sun file systems.

regards,

farmerdude
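As an added example (not part of the original messages): a short Python probe that checks a partition image for the UFS superblock magic number and its byte order, which decides the `ufstype` value the reply says must be given to the Linux mount command. The function names, image file name and mount point are hypothetical, and the sample image is constructed.

```python
import struct

# Offsets and magic values of the UFS on-disk superblock.
SUPERBLOCKS = (("UFS1", 8192, 0x00011954), ("UFS2", 65536, 0x19540119))
MAGIC_FIELD = 1372  # position of fs_magic inside the superblock


def probe_ufs(image):
    """Return (variant, byte_order, ufstype) for a slice image, or None."""
    for variant, sb_offset, magic in SUPERBLOCKS:
        raw = image[sb_offset + MAGIC_FIELD:sb_offset + MAGIC_FIELD + 4]
        if len(raw) < 4:
            continue  # image too short to hold this superblock
        for fmt, order in ((">I", "big"), ("<I", "little")):
            if struct.unpack(fmt, raw)[0] != magic:
                continue
            if variant == "UFS2":
                ufstype = "ufs2"
            else:
                # Assumption: the image came from Solaris, as in this thread.
                # Little-endian UFS1 is also used by BSD systems, which need
                # a different ufstype value.
                ufstype = "sun" if order == "big" else "sunx86"
            return variant, order, ufstype
    return None


def probe_file(path):
    """Read only the first 128 KiB of a dd image and probe it."""
    with open(path, "rb") as f:
        return probe_ufs(f.read(128 * 1024))


def mount_command(path, mountpoint, ufstype):
    """Build a read-only loop mount command line for the examiner to review."""
    return ["mount", "-t", "ufs", "-o", f"ro,loop,ufstype={ufstype}", path, mountpoint]


def constructed_slice(sb_offset, magic, fmt):
    """Constructed sample: zero-filled image carrying only the magic number."""
    img = bytearray(128 * 1024)
    struct.pack_into(fmt, img, sb_offset + MAGIC_FIELD, magic)
    return bytes(img)


if __name__ == "__main__":
    sparc = constructed_slice(8192, 0x00011954, ">I")
    print(probe_ufs(sparc))
    print(" ".join(mount_command("slice0.dd", "/mnt/slice0", "sun")))
```

A `None` result means no UFS superblock magic was found at the expected offsets, which points to a damaged image, an image that does not start at the slice boundary, or a different file system.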