For the sake of argument, could you remove the portion of the reiser code in your kernel that adds to the mount count?

Ernest Baca wrote:
> nolog only affects journal entries and not the mount count. For some
> reason reiser demands to write that mount count to the drive. Now I
> know that there are other ways of attacking this like imaging a drive or
> using a Windows piece of software which doesn't help when you need to do
> the work in real-time.
>
> As far as evidence. It is very important that the state of the drive
> does not change. It's like the OJ Simpson bloody glove. The
> prosecution has to show that the glove has remained in the same state as
> when the police seized it. Dropping the glove in a puddle of mud two
> days later would invalidate that evidence because it had changed even
> though you can explain what happened. I hope this clears up my dilemma.
>
> I am pretty sure that the reiser fs will need to be hacked. Any takers
> at the challenge?
>
> Ernie Baca
> ebaca@linux-forensics.com
> www.linux-forensics.com
>

--
                                 .-.
=------------------------------  /v\  ----------------------------=
Robert Wultsch                  // \\       robert.wultsch@asu.edu
Linux User                     /(   )\      AIM:sheepsleep7
Don't fear the penguins         ^^-^^       (602)6927564