Hi all. Im having a heck of a time trying to get LinEn to work from the Helix 3 CD. I have been succcessful with the OEM Boot Cd from GSI but when it comes to usung LinEn on the Helix CD im bombing out!
After the GUI loads I go to LinEn and select my target partition /hda5. On the next screen I am prompted for the destination drive\path, so i put /media/sda1 because thats the mount point given to my target drive (a usb drive attached for evidence file storage), I walk through the META data and then start the acquisition.
As soon as it starts it bombs. It comes back with an error message, "The destination disk is too small. Pick another path". Now, the destination drive is 20Gb, the target is 6Gb, so thi serror is bogus. Plus I have it working with the GSI OEM CD.
Anyway, is there anything i have to do to the target Drive to prep it for the acquistion within Helix?
regards, Brian.
I'm going to go with the really obvious thing here, and ask if you formatted the destination disk. I know that generally, LinEn is expecting to deal with FAT.
When prompted for the path, type
/media/sda1/DestinationDirectory/FileName and press enter (substitute the name of your directory and the file name you want to use). Do not include the .E01 file extension at the end of the string. This assumes that you ran mkdir to create your destination directory and ran cd to make your destination directory your working directory. Also, are you running this as a superuser (su)? Did you mount the destination as read/write?
I'm going to go with the really obvious thing here, and ask if you formatted the destination disk. I know that generally, LinEn is expecting to deal with FAT.
Yes, is FAT. As I mentioned above I have it working with the OEM CD from GSI.
When prompted for the path, type
/media/sda1/DestinationDirectory/FileName and press enter (substitute the name of your directory and the file name you want to use). Do not include the .E01 file extension at the end of the string. This assumes that you ran mkdir to create your destination directory and ran cd to make your destination directory your working directory. Also, are you running this as a superuser (su)? Did you mount the destination as read/write?
OK, here is where im going to need assistance. Im not a Linux user so I'm in foreign waters. Honestly, Im going to need step by step instructions under the Linux hood if I stand a chance to get this going.
Based upon what you say above I then assume Helix does not mount the drive in RW mode! So how do I prep the environment to get this thing going. I really would appreciate some hand holding with this one. Again, Linux and me = Chinese, don't speak a word.
Like I said above I had no issues running this from the GSI OEM CD but under Helix it just is not working for me.
Folks, I was forwarded the below link to a really cool Linux Boot disk that had me imaing the disk literally within minutes of downloading it. Some may already be aware of this disk, but I was so impressed with it I wanted to post it incase anyone else has the same issues I had with LinEn on Helix. (Helix is great, it was just the LinEn piece) It just made my life that much easier.
http//
If you already have the destination ready-formatted, try
sudo mount -o rw /dev/sdb1 /media/sdb1
(sdb being your destination drive, 1 being the first partition, modify accordingly if not sdb, ie sda1 sdc1 etc, sudo fdisk -l to list your drives if you need to check)
Rich
Thanks for the link bperk….downloading it now. One more tool in the box!
…a really cool Linux Boot disk that had me imaing the disk literally within minutes of downloading it…
Ever since we received Raptor in-house, here, I have promoted its use among our 40 examiners. I have yet to hear anything but praise for the tool. CLI purists may have less appreciation for it. But, it is such a forensically sound time saver that can be used on both Intel and PPC-based systems. ForwardDiscovery is one to watch, IMHO.