* boot machine with sleuthkit, smbfs, clamav (w/updated definitions), etc.
* mkdir -p /data/<casenum>/<dir/code name as listed on file server>/ /work/<casenum>/<partnums(s)>/
* smbmount //192.168.8.103/<dir/code name from file sever /data/<casenum/<dir/code name>/ -o username=user,password=pass,ro
* run mmls on image file: mmls /data/<casenum/<dir/code name>/image.dd
* find offset of partitions to mount - start sector (63) * default block size (512) = 32256 (for first partition)
* mount -o loop,ro,noexec,nodev,offset=32256 /data/<casenum>/<dir/code name>/image.dd /work/<casenum>/<partnum>/
No comments:
Post a Comment