Hi All
I need a bit of advise
I have 5xE01 images
Set of those disks comprises of various RAID arrays Stripe, Mirror, Simple.
(I know that the easiest thing would be to use EnCase; add E01, rebuilt RAID via analyse disk config there - but this is not the case).
So I have converted them into flat RAW images in FTK imager and now I want to do the following
Using Linux Virtual Box (Preferably KALI) MOUNT THEM AND RECONSTRUCT RAID, ONCE THIS IS DONE - TO CREATE ONE FLAT DD/RAW IMAGE OF THE ENTIRE RAID.
So my questions are as follows
- HOW TO MOUNT FLAT IMAGE WITHOUT SPECIFYING FILE SYSTEM on Kali?
- HOW TO RECONSTRUCT RAID if all successfully mounted ON KALI OR ANY OTHER SIMILAR LINUX PLATFORM?
This is mostly to prove the concept and see it if is possible.
Any suggestions?
DMDE
https://dmde.com/
Has an easy to use "raid reconstructor" provision, at least in the Windows GUI version, but very possibly this same feature is in the Linux command line version (I am not at all familiar with this version).
But maybe you want to try pyflag (or just check the docs and tutorials and do it manually)
http//
jaclaz
Thank you.
However I need to use freeware. I just installed DMDE and it may work but it is commercial tool.
Can this be done in Linux at all?
If you definitely know the settings you can do it just using mdadm commands in linux. But, you'd have to know the settings first.
As an alternative, the demo version of R-Studio from R-TT (which has a linux version) can be used to build a virtual array of just about any type. You'd need to buy a $79 license to copy individual files out, but I'm pretty sure you can create an image of the full array even in the demo version. Let me know if you need any help. I recover failed RAID arrays all the time in my data recovery work.
Ok DD images some how mounted to KALI but need to be transversed/processed to rebuilt RAID
Disk /dev/loop0 80 GiB, 85899345920 bytes, 167772160 sectors
Units sectors of 1 * 512 = 512 bytes
Sector size (logical/physical) 512 bytes / 512 bytes
I/O size (minimum/optimal) 512 bytes / 512 bytes
Disklabel type dos
Disk identifier 0xbc171db6
Device Boot Start End Sectors Size Id Type
/dev/loop0p1 63 2047 1985 992.5K 42 SFS
/dev/loop0p2 * 2048 206847 204800 100M 42 SFS
/dev/loop0p3 206848 63324159 63117312 30.1G 42 SFS
/dev/loop0p4 63324160 167770111 104445952 49.8G 42 SFS
Disk /dev/loop1 80 GiB, 85899345920 bytes, 167772160 sectors
Units sectors of 1 * 512 = 512 bytes
Sector size (logical/physical) 512 bytes / 512 bytes
I/O size (minimum/optimal) 512 bytes / 512 bytes
Disklabel type dos
Disk identifier 0x02c70e8e
Device Boot Start End Sectors Size Id Type
/dev/loop1p1 63 167770111 167770049 80G 42 SFS
Disk /dev/loop2 80 GiB, 85899345920 bytes, 167772160 sectors
Units sectors of 1 * 512 = 512 bytes
Sector size (logical/physical) 512 bytes / 512 bytes
I/O size (minimum/optimal) 512 bytes / 512 bytes
Disklabel type dos
Disk identifier 0x02c70e81
Device Boot Start End Sectors Size Id Type
/dev/loop2p1 63 167770111 167770049 80G 42 SFS
Disk /dev/loop3 80 GiB, 85899345920 bytes, 167772160 sectors
Units sectors of 1 * 512 = 512 bytes
Sector size (logical/physical) 512 bytes / 512 bytes
I/O size (minimum/optimal) 512 bytes / 512 bytes
Disklabel type gpt
Disk identifier E5586C62-2DB2-4FD8-A42A-118BB805B08D
—- ignore this one —– below it is not RAID.
Device Start End Sectors Size Type
/dev/loop3p1 34 262177 262144 128M Microsoft reserved
/dev/loop3p2 264192 104282111 104017920 49.6G Microsoft basic data
/dev/loop3p3 104282112 147288063 43005952 20.5G Microsoft basic data
/dev/loop3p4 147288064 167768063 20480000 9.8G Microsoft basic data
—- ignore this one —– above it is not RAID.
Disk /dev/loop4 80 GiB, 85899345920 bytes, 167772160 sectors
Units sectors of 1 * 512 = 512 bytes
Sector size (logical/physical) 512 bytes / 512 bytes
I/O size (minimum/optimal) 512 bytes / 512 bytes
Disklabel type dos
Disk identifier 0x02c70e80
Device Boot Start End Sectors Size Id Type
/dev/loop4p1 63 167770111 167770049 80G 42 SFS
SFS is RAID, I can analyse LDM Database using ldmdump.exe in Windows so there must be a way to apply the same in Linux to look into it and reconstruct RAID - has anyone done it ?
However I need to use freeware. I just installed DMDE and it may work but it is commercial tool.
No it is not, there is a Freeware version (not Open Source) also
https://
Can this be done in Linux at all?
The (given) Pyflag *is* Linux and more than that it explainss HOW to "guess" the configuration
http//
and once you have the configuration data Linux already has the tools needed (mdadm as stated by JaredDM), see
https://
https://
https://
jaclaz