Maybe I haven't looked deep enough, but I figure the experts would know best. I believe a system of mine may have been compromised with a rootkit. I have already taken an image of the system and split out the partitions using the output from mmls and dcfldd. One of my partitions is an LVM partition. It was on a SAN and we made it LVM so the partition could be extended, but it never was.
I have the image on a Forensic system and I would like to be able to browse the image as if it was another disk in the system. What would I need to do? -- Nathaniel Hall, GSEC GCFW GCIA GCIH
