Need help! Calling all Linux experts here.

Author: James
Date:  
Subject: Need help! Calling all Linux experts here.
This is good to know. I must now switch to reiserfs.

On Monday 04 August 2003 9:20 pm, Ernest Baca wrote:
> Hi All,
>
> I am a computer forensic examiner here in Phoenix. I use Linux as a tool
> for the examination of suspect computers. The one thing that is very
> important for evidentiary reasons is that the state of the drive does not
> change when you examine it. Basically the md5 hash before examination must
> match the hash after examination. I have made a bootable CD distro based
> on KNOPPIX to assist examiners in the live preview of suspect computers.
>
> Now here is the problem I face. I did some research and published a white
> paper that indicates that when you mount ext3 and reiserfs partitions
> read-only the state of the drive changes. Further research which I did
> not publish showed that the mount count in the journal is what actually
> changed, but nonetheless it changed and that can be a disaster when it
> comes to evidentiary value believe it or not.
>
> Now I discovered that mounting an ext3 partition as an ext2 partition
> solved my ext3 problem, but reiser is a different story. Reiser demands
> low level write access to the journal. No matter how you mount it even
> using a loopback device, it changes. If you lock the drive with an
> hdparm -r reiser refuses to mount.
>
> Now down to what I need. I have seen some really great talent here and I
> need a person or group of people willing to tackle this issue. I am pretty
> certain that a hack will need to be done to the reiser fs that comes with
> the latest version of KNOPPIX or maybe someone has some idea of how to get
> around it. My goal is to place this solution on my CD, full credit given of
> course.
>
> If anyone is interested let me know here or at my website address. If
> several people are interested I would like to get a working group going.
>
>
>
> Ernie Baca
>
> www.linux-forensics.com
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
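
The before/after hash check described in the quoted message, as an added example that is not part of the original thread: it records a whole-image MD5 plus per-block MD5s, runs an action, and reports which block offsets changed. The 4096-byte block size, the function names and the simulated write (a constructed stand-in for a mount that updates on-disk metadata) are assumptions.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # assumed granularity for locating changes

def snapshot(path, block=BLOCK):
    """Return (whole-image MD5 hex digest, list of per-block MD5 digests)."""
    whole, blocks = hashlib.md5(), []
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block), b""):
            whole.update(chunk)
            blocks.append(hashlib.md5(chunk).digest())
    return whole.hexdigest(), blocks

def changed_offsets(before, after, block=BLOCK):
    """Byte offsets of blocks that differ, including blocks added or lost."""
    common = min(len(before), len(after))
    diff = [i for i in range(common) if before[i] != after[i]]
    diff += range(common, max(len(before), len(after)))
    return [i * block for i in diff]

def verify_unchanged(path, action, block=BLOCK):
    """Hash, run action(path), hash again: (ok, md5_before, md5_after, offsets)."""
    md5_a, blk_a = snapshot(path, block)
    action(path)
    md5_b, blk_b = snapshot(path, block)
    return md5_a == md5_b, md5_a, md5_b, changed_offsets(blk_a, blk_b, block)

def simulated_write(path):
    """Constructed stand-in for a mount that updates on-disk metadata."""
    with open(path, "r+b") as f:
        f.seek(16 * BLOCK + 100)  # arbitrary offset, not a real journal location
        f.write(b"\x01")

def demo():
    """Run the check on a constructed 256 KiB image: once untouched, once written."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "evidence.img")
        with open(image, "wb") as f:
            f.write(bytes(64 * BLOCK))
        clean = verify_unchanged(image, lambda p: None)
        touched = verify_unchanged(image, simulated_write)
    return clean, touched

if __name__ == "__main__":
    for ok, before, after, offsets in demo():
        print("unchanged" if ok else "CHANGED", before, after, offsets)
```

`snapshot` also accepts a block device path; the reported offsets show which region of the drive an operation modified.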