nolog only affects journal entries and not the mount count. For some reason reiser demands to write that mount count to the drive. Now I know that there are other ways of attacking this like imaging a drive or using a Windows piece of software which doesn't help when you need to do the work in real-time. As far as evidence. It is very important that the state of the drive does not change. It's like the OJ Simpson bloody glove. The prosecution has to show that the glove has remained in the same state as when the police seized it. Droping the glove in a puddle of mud two days later would invalidate that evidence because it had changed even though you can explain what happened. I hope this clears up my dilema. I am pretty sure that the reiser fs will need to be hacked. Any takers at the challenge? Ernie Baca ebaca@linux-forensics.com www.linux-forensics.com >From: Bill Jonas >Reply-To: plug-discuss@lists.plug.phoenix.az.us >To: plug-discuss@lists.plug.phoenix.az.us >Subject: Re: Need help! Calling all Linux experts here. >Date: Mon, 4 Aug 2003 21:43:10 -0700 > >On Mon, Aug 04, 2003 at 09:20:11PM -0700, Ernest Baca wrote: > > Further reasearch which I did not publish showed that the mount count > > in the journal is what actually changed, but none the less it changed > > and that can be a disaster when it comes to evidentiary value believe > > it or not. > >This may be a silly question... mount(8) shows a "nolog" option for >reiserfs. Have you tried that? (I'll give you that it says that >implementation of this option is a work in progress, but I don't know >whether or not this is helpful. > >-- >Bill Jonas * bill@billjonas.com * http://www.billjonas.com/ >"It's a dangerous business, Frodo, going out your front door. You step >into the Road, and if you don't keep your feet, there is no knowing >where you might be swept off to." -- Bilbo Baggins ><< attach3 >> _________________________________________________________________ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus