> > On Fri, 2010-06-04 at 13:09 -0700, Tim Garlick wrote:
> > > Hi all, I need a Live CD that I can boot from to investigate Solaris 10 and OpenSolaris systems that have been potentially compromised. The target OS is Solaris 10. This is complicated by the fact that the Solaris 10 system being investigated is a VirtualBox instance of S10 Update 8. I mount the Live CD ISO on the VM's virtual CD drive and then boot from that.
> > >
> > > I've tried MilaX but I can't figure out how to mount the Solaris 10 root disk after I've booted to a text console with MilaX. VirtualBox doesn't display the graphics correctly when you boot the MilaX ISO in graphical mode. I haven't tried the VBox MilaX appliance yet, because that gives me a separate VM, when I need to get to the S10 VM.
> > >
> > > So, my questions are:
> > >
> > > - Is MilaX the best choice?
> > > - If not, which distro is better?
> > > - Either way, how do I mount the S10U8 VM's root disk once I've booted the Live CD?
> > >
> > > Thanks for any pointers.
> >
> > Hi Tim,
> >
> > you can use the 'format' utility to find the disk name and root partition, then mount it.
> > For this you can use any OpenSolaris/Belenix/MilaX LiveCD.
> >
> > Also you can find and mount all UFS parts:
> >
> > #!/bin/sh
> >
> > # Probe every slice under /dev/dsk and mount each UFS file system
> > # on its own directory: /mnt/solaris0, /mnt/solaris1, ...
> > solaris=0
> > for dnode in /dev/dsk/*
> > do
> >     type=`/usr/sbin/fstyp $dnode 2> /dev/null`
> >     if [ "x$type" = "xufs" ]
> >     then
> >         /usr/bin/mkdir /mnt/solaris$solaris
> >         /sbin/mount -F $type $dnode /mnt/solaris$solaris
> >         # next UFS slice gets the next mount point
> >         solaris=`expr $solaris + 1`
> >     fi
> > done
>
> Although if they're serious about forensics use, they'd need to use
>
> /sbin/mount -F $type -o ro $dnode
>
> because you absolutely positively do not want to mess with the evidence.
>
> (better would be to have a copy of the disk or disk image made and work on that, never touching the original at all, unless getting into high-end data recovery on it)

Right, thanks Richard.

Cheers,
Alex
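
The advice above to work on a copy and never touch the original, as an added example that is not part of the original thread: copy a slice to an image file, confirm the copy by SHA-256, and write-protect it. The function names and the paths passed in are assumptions, and it expects a POSIX shell with sha256sum, Solaris digest(1) or openssl available.

```shell
#!/bin/sh
# Added example (not from the thread): image a source device or file
# and verify the copy by hash before any analysis is done on it.

# Print the SHA-256 of a file with whichever tool the live CD provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v digest >/dev/null 2>&1; then
        digest -a sha256 "$1"              # Solaris digest(1)
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# acquire_image SRC DEST   (both arguments are caller-supplied paths)
# Copies SRC to DEST, hashes both, stores the hash beside the image and
# prints it. Fails if DEST already exists or the two hashes differ.
acquire_image() {
    src=$1; dest=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    [ -e "$dest" ] && { echo "refusing to overwrite $dest" >&2; return 3; }

    # 1 MiB blocks; the source is only ever opened for reading.
    dd if="$src" of="$dest" bs=1048576 2>/dev/null || return 4

    src_hash=`sha256_of "$src"`
    img_hash=`sha256_of "$dest"`
    if [ -z "$src_hash" ] || [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: $src_hash vs $img_hash" >&2
        return 5
    fi

    echo "$img_hash  $dest" > "$dest.sha256"
    chmod 444 "$dest" "$dest.sha256"       # guard against accidental writes
    echo "$img_hash"
}

# Run as: acquire.sh SRC DEST
if [ $# -eq 2 ]; then
    acquire_image "$1" "$2"
fi
```

On Solaris, an image of a single UFS slice made this way can be attached with lofiadm -a and the resulting /dev/lofi device mounted with the -o ro option shown above.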
