I'm very impressed by TSK's performance on my ibook.
I recently upgraded it to panther 10.3, as high as my hardware can =
handle.
Previously, I was using linux and had wiped os9 off long ago.
Firewire mass storage driver found my Tableau Write Blocker and put the =
HD icon on my desktop.
I dd'd the whole drive to image.dd.
taking a look at the boot sector showed me that there was an ontrack =
manager at the beginning, so, unlike most fat disks, OSX couldn't show =
me this one. =20
I found the filesystem using sigfind 126 sectors in. I dd'd starting at =
126 to the end for a new "image126.dd"
The problem arised when I wanted to mount the image.. no loop device =
block devices in /dev...
The mac disk utility can mount a filesystem image, but requires that it =
have the ext .dmg. =20
Renamed to image126.dmg, mounted like a horse.
Thanks again for writing the book _File System Forensic Analysis_, =
Brian.
-JB
|
