1
*nix and Non-Intel Platform issues
CSC 486/586
2
Objectives
Non-Intel hardware (RISC platform) issues
Other *nix issues (any platform)
– Network scanning
– Backup Tapes
3
Non Intel-based (x86) hardware platforms - RISC
SUN, HP-UX, IBM, Apple, etc.
4
How do I boot it?
– Your Intel boot disks (CD/floppy) won’t boot it
– Usually no floppy drive and may be no CD drive either
– If you don’t have a boot CD for the proprietary platform, you may need to boot to the native UNIX OS and perform any data acquisition from within the native OS using built-in UNIX commands
– May need to use native system to access NAS or other storage medium… better practice ahead of time!!!
5
Can I attach my drive to it?
– Proprietary drive controllers
– Usually no PCI slot for your own controller
– Usually SCSI… Is it “High Voltage” SCSI (HVD) or Low Voltage (LVD)? Don’t fry your drive!!!
– Their high voltage drive + your low voltage system = nothing
– Your low voltage drive + their high voltage system = smoke
Adaptec 2944 controller card
Look for a standard SCSI controller in drive. Usually a standard SCSI tape backup drive attached to the standard SCSI controller.
6
You’ve attached your drive, now what?
– Better get online or start reading the sysadmin’s manuals…
– Identify your drive from the subject hard drives within the OS
– You need to partition and format your drive with a UFS file system… using Unix commands
If you are not sure what to do… call someone!!!
7
Data Acquisition???
– Image with “dd”
– Capture files and folders with “tar” onto your UFS formatted drive
– cp or cpio (but the first two options are better)
– FTP data across the network to another machine
You should always have an FTP client on your laptop (e.g. SmartFTP). FTP command line version is built into all OSs.
Use WinRAR or tar (in the native Unix OS) to put a “wrapper” around files pulled off by FTP
This is usually the best way to deal with machines like an IBM AS-400
If you are not sure what to do… call someone!!!
8
How will you analyze the data?
Do you need the RISC system to “analyze” the data you are seizing?
Do you need to “run” the Unix software or just look at files?
FTP’d database files may not do much good without the front-end database app.
Linux can be used to view, search, extract files you seize onto your UFS formatted drive.
9
Other Linux/Unix Issues
Network Scanning
– Nmap
Backup Tapes
– How to read tapes, pull data off and uncompress it with Linux/Unix
10
Windows scanning tools vs. Nmap
Scanned 10.10.10.1-10.10.10.103
11
Windows scanning tools vs. Nmap
Same IP address range scanned… this time in Linux with Nmap 4.23RC1
Detected ALL machines, even those running firewalls!
12
Backup Tapes
Tape data is linear… just a stream of data in whatever form the backup utility writes.
– No partition, no file system
– Normally cannot “map out” files and directories without the backup utility that created the data stream.
Tapes come in many sizes and capacities, and use a variety of different tape drives.
Many commonly used backup programs/utilities.
13
Backup Tapes
Unless you have a tape drive of the same type used, also seize the tape drive so you have a device that reads the tapes.
If seizing backup tapes, also seize the backup software used by the subject.
…but what do you do if someone just gives you tapes and you don’t know what program created the backup data?
14
Working with Tapes in Linux
mt – SCSI tape control
dd – device copy
file – File signature identification
Proper SCSI tape device driver
– /dev/st0 – rewinding tape device
– /dev/nst0 – non-rewinding tape device
First set the block size of your tape drive to 0 so that you can read variable block sizes.
– mt -f /dev/st0 setblk 0
15
Determining allocation (how much data is on the tape)
Run to end of data (EOD) on tape
    mt -f /dev/nst0 eod
Determine position on tape
    mt -f /dev/nst0 tell
Response is total blocks allocated on the tape
    Tape is at block 24088
Rewind tape
    mt -f /dev/st0 rewind
16
Finding block size
Grab an arbitrary large block of data to force error reporting
    dd if=/dev/nst0 of=test ibs=128k obs=1 count=1
Error report gives correct block size
    0+1 records in
    5120+0 records out
17
Identifying the data
Use file command to identify
    file test
    Test: gzip compressed data, deflated, last modified: Wed Jan 26 16:43:42 205, os: Unix
Uses /usr/share/magic file which identifies file signatures
Gzipped or otherwise compressed data must be decompressed to identify
Typically such data is a compressed archive (tar, cpio, or dump)
18
Pulling data off the tape
Start at beginning of session
    mt -f /dev/nst0 bsfm 1
Read entire session to a file
    dd if=/dev/nst0 of=/mnt/session1.txt bs=5120
The dd command reports blocks copied
    15198+0 records in
    15198+0 records out
May need to set block size of tape drive to block size determined on tape.
– mt -f /dev/st0 setblk 5120
19
Uncompressing the data
You may need a third-party tool to interpret the data file you pulled off the tape.
If it is a *nix archive such as tar or gz, use standard tar and gunzip commands to uncompress into logical files and folders.
    tar -zxf /mnt/session1.txt
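
The tape steps from the preceding slides (variable block mode, block-size probe, per-session dd copy, file identification) combined into one script, as an added example that is not part of the original presentation. The function names, output file names and the SHA-256 step are assumptions, and the loop relies on the Linux st driver ending each read at a file mark.

```shell
#!/bin/sh
# Added example, not from the original slides. Function names, output
# file names and the SHA-256 step are assumptions made for illustration.

# probe_block_size SRC: read one block with an oversized input buffer and
# obs=1 (the "Finding block size" slide). With one-byte output records the
# "records out" count is the number of bytes in the block that was read.
probe_block_size() {
    LC_ALL=C dd if="$1" of=/dev/null ibs=128k obs=1 count=1 2>&1 |
        awk '/records out/ { split($1, n, "+"); print n[1] }'
}

# acquire_sessions TAPE OUTDIR: copy every session from a non-rewinding
# tape device (e.g. /dev/nst0) to OUTDIR/sessionN.bin, then hash and
# identify each one. Prints the number of sessions copied.
acquire_sessions() {
    tape=$1 out=$2 n=0
    mt -f "$tape" rewind || return 1
    mt -f "$tape" setblk 0 || return 1      # variable block mode
    bs=$(probe_block_size "$tape")
    [ -n "$bs" ] || { echo "could not determine block size" >&2; return 1; }
    mt -f "$tape" rewind || return 1        # the probe moved the tape
    while :; do
        f="$out/session$((n + 1)).bin"
        # dd stops at the file mark; the next read starts after it.
        dd if="$tape" of="$f" bs="$bs" 2>"$f.dd.log" || return 1
        # A read that returns no data means end of data (EOD).
        [ -s "$f" ] || { rm -f "$f" "$f.dd.log"; break; }
        n=$((n + 1))
    done
    if [ "$n" -gt 0 ]; then
        (cd "$out" && sha256sum session*.bin > SHA256SUMS &&
            file session*.bin > FILETYPES) || return 1
    fi
    echo "$n"
}

# Run only when called with arguments: sh script.sh /dev/nst0 /mnt/case01
if [ "$#" -eq 2 ]; then
    acquire_sessions "$1" "$2"
fi
```

Set the cartridge's write-protect tab before loading the tape so the drive cannot write to the evidence.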
20
Questions???
Use the discussion board, as usual…