If the system in question is using LVM on Linux I would suggest using System Rescue CD. http://www.sysresccd.org/Main_Page
I use it all the time and it's updated on a regular basis. Anyway how to get at a LVM volume. Boot from CD. at the root prompt enter #pvscan That will show all of the physical volumes under LVM and the volume groups. You can now run vgscan #vgscan vgscan finds the volume groups so you can now run lvscan #lvscan lvscan will report all the logical volumes on the disk. >From there all you have do is dd the volume group to another disk dd if=/dev/vgname/lvname of=/mnt/some/place/file You can then mount the FS and do what every recovery or forensics on the FS with Helix. Does anyone know if Helix has LVM support and had the LVM tools included? On Tue, Jan 19, 2010 at 5:59 AM, Matt Erasmus <[email protected]> wrote: > Not too sure about the LVM volumes as it's been a while since I've > played with them, but > I've always used good old dd and netcat to make live copies of servers... > > This was one of the more useful posts I found: > > http://digiassn.blogspot.com/2006/01/dd-over-netcat-for-cheap-ghost.html > > 2010/1/19 Monkey Daemon <[email protected]>: >> So can I image the partition in "realtime" or do I need to take the >> server off-line and boot from a live cd > > > -- > Matt Erasmus > > /* @z0nbi / http://www.zonbi.org */ > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
