0

I have several raw block copies of disks that have both NTFS and Linux partitions. The partition tables generally have both a Windows NTFS partition and a Linux LVM partition. I need to work on all of these partitions to build a supertimeline (log2timeline) but I need a good way to find the ext partitions inside the LVM.

I am not familiar at all with any of the LVM commands, though I have a decent grasp on the terminology. Once I get to the byte offset of the ext partitions, I'll be fine, but I'd rather not scan the disk byte by byte for the partition headers and superblocks.

David Souther

1 Answer

1

Have a look at a utility called kpartx. It creates device maps from partition tables residing within devices.

Update:

I wanted to add that if your disk images are stored as ordinary files (as opposed to LVM volumes) you can use losetup to attach the images as devices. Specify the -r option if you want to make sure that no changes happen to the original image.

Regarding kpartx: it also works with LVM volumes within partitions within LVM volumes etc. You just run kpartx -a DEV repeatedly for each enclosing partitioning/volume layer until you reach the point where you have a device mapper device node for the file system which you want to mount.

snap