



Computer Forensics Computer-Forensics

Mounting Sparc with Veritas enterprise admin service partitions / vxsvc

Subject: Mounting Sparc with Veritas enterprise admin service partitions / vxsvc
Date: 10 Nov 2005 08:19:46 -0000
Hi

We have a Solaris Sparc fibre channel disk from a hacked machine with a strange 
partitioning scheme. It was part of a 2-disk RAID 1 mirror and was running 
vxsvc / Veritas enterprise administrator service before the disk was removed. 
I've got details of the mount points and partitions below. There was CMS data 
managed on a cluster on another machine, which we don't need to access. But we 
would like to get to the data that was on the disk itself (/local, /etc, and 
the root volume). 

We are using a Sparc system to mount the disks (mount -o ro,noatime ...).

Can someone advise on how to mount these partitions?

Thanks for your help.

L.

VTOC Partition table (format output)

Part      Tag    Flag     Cylinders         Size            Blocks
  0       root    wm       1 -   619        3.00GB    (619/0/0)     6298944
  1       swap    wu     620 -  2679       10.00GB    (2060/0/0)   20962560
  2     backup    wm       0 - 14086       68.35GB    (14087/0/0) 143349312
  3          -    wu       0 -     0        4.97MB    (1/0/0)         10176
  4          -    wu       1 - 14086       68.35GB    (14086/0/0) 143339136
  5 unassigned    wm       0                0         (0/0/0)             0
  6        var    wm   13672 - 14084        2.00GB    (413/0/0)     4202688
  7 unassigned    wm       0                0         (0/0/0)             0

Mount points (we are not able to mount /etc on this disk so this is from a 
system info file in the root directory):

Filesystem Mounted
/dev/vx/dsk/rootvol /
/proc /proc
fd /dev/fd
mnttab /etc/mnttab
/dev/vx/dsk/var /var
swap /var/run
swap /tmp
/dev/vx/dsk/local /local
/dev/vx/dsk/raiddg3/raid3vol /raid3
/dev/vx/dsk/raiddg4/raid4vol /raid4
/dev/vx/dsk/raiddg9/raid9vol /raid9
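
Added example, not part of the original post: the VTOC table above converted into whole-disk sector and byte offsets per slice, which are the figures needed to address one slice inside a raw image of the disk, plus a check for which slices lie inside another. It assumes the Blocks column counts 512-byte sectors; the function names are illustrative.

```python
import re

SECTOR_BYTES = 512  # assumption: the Blocks column counts 512-byte sectors
# VTOC rows copied from the post's format output.
VTOC = """\
  0       root    wm       1 -   619        3.00GB    (619/0/0)     6298944
  1       swap    wu     620 -  2679       10.00GB    (2060/0/0)   20962560
  2     backup    wm       0 - 14086       68.35GB    (14087/0/0) 143349312
  3          -    wu       0 -     0        4.97MB    (1/0/0)         10176
  4          -    wu       1 - 14086       68.35GB    (14086/0/0) 143339136
  5 unassigned    wm       0                0         (0/0/0)             0
  6        var    wm   13672 - 14084        2.00GB    (413/0/0)     4202688
  7 unassigned    wm       0                0         (0/0/0)             0
"""
# part, tag, flag, first - last cylinder, size, (cyl/0/0), blocks; empty slices have no range
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+\S+\s+(\d+)\s*-\s*(\d+)\s+\S+\s+\(\d+/0/0\)\s+(\d+)\s*$")

def parse_vtoc(text):
    """Return {slice: {tag, first, last, blocks}} for slices that have a cylinder range."""
    slices = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            part, tag, first, last, blocks = m.groups()
            slices[int(part)] = {"tag": tag, "first": int(first), "last": int(last), "blocks": int(blocks)}
    return slices

def sectors_per_cylinder(slices):
    """Derive the disk geometry from the table and insist that every row agrees."""
    values = set()
    for s in slices.values():
        cyls = s["last"] - s["first"] + 1
        if s["blocks"] % cyls:
            raise ValueError("block count is not a whole number of cylinders")
        values.add(s["blocks"] // cyls)
    if len(values) != 1:
        raise ValueError("rows disagree on sectors per cylinder")
    return values.pop()

def layout(slices):
    """Map slice -> (start sector, sector count, byte offset) relative to the whole disk."""
    spc = sectors_per_cylinder(slices)
    return {n: (s["first"] * spc, s["blocks"], s["first"] * spc * SECTOR_BYTES) for n, s in slices.items()}

def contained_in(slices, outer):
    """Slices whose cylinder range lies wholly inside slice `outer`."""
    o = slices[outer]
    return sorted(n for n, s in slices.items() if n != outer and o["first"] <= s["first"] and s["last"] <= o["last"])
```

On this table it yields 10176 sectors per cylinder, places slice 0 at sector 10176, and reports slices 0, 1 and 6 as lying inside slice 4.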
