Mount an LVM ext4 p...
 
Notifications
Clear all

Mount an LVM ext4 partition from a spanned EWF image?

3 Posts
2 Users
0 Likes
794 Views
(@adamd)
Posts: 46
Eminent Member
Topic starter
 

Hi all,

I have a disk image of an ubuntu box in spanned ewf format that I need to mount for analysis and I'm trying to do it without having to DD out the entire LVM volume as a single raw image (its 480GB in size) or write it out to a hard disk.

I've used ewfmount to present the spanned EWF volume as a single RAW disk image.

After running mmls, I've found the LVM offset and used losetup to make the LVM partition /dev/loop0

now when I run pvscan is sees the volume group and shows me the details.

I then ran "vgchange -ay" which which tells me there are 2 lvm voumes in the volume group that are active.

When I check /dev/mapper it contains /dev/mapper/volumegroup-root and /dev/mapper/volumegroup-swap_1

Now, when I try and mount /dev/mapper/volumegroup-root is says "wrong fs type".

I know its ext4 as I can see the folders in FTK imager.

If I had the lvm offsets wrong then pvscan/vgchange etc would not have worked.

Looking at dmesg is says "LBD recovery failed"EXT4-fs error loading journal" and a bunch of "lost page write due to I/O error" entries.

Is the problem here the fact its originally mounted from a read only EWF volume using ewfmount? Its the only thing I can think of.

If anyone has done this or has any ideas, that would be great.

Google hasn't helped much as there no example of someone doing it from an EWF spanned image. That's why I'm assuming that's the problem.

Adam

 
Posted : 03/05/2013 11:35 am
(@adamd)
Posts: 46
Eminent Member
Topic starter
 

I got around this by another means

Still interested to know if its possible from a EWF though.

 
Posted : 06/05/2013 4:33 am
(@wechselberger)
Posts: 11
Active Member
 

looking once on this page ….

Mikas Blog

With this tutorial I mounted a hard disk from a nas with ext4 and dynamic disk. I use grml-forensic.

K.W.

 
Posted : 06/05/2013 6:16 pm
Share: