Aashish, What you want to do, assuming you are mounting this under linux is as follows:
1. Attach the drive/device to the analysis machine 2. Issue the command: mount -o ro, loop, noatime /PathToImage/logvol.img /PathToMountPoint The options on the mount command are: ro: read-only. This is a must when mounting any drive. If a drive is written to during an investigation, its value as evidence is threatened Loop: Allows a file to be mounted and accessed like a regular block device (hard drive partition). Noatime: Disables the last access time marker that is put on opened files >From here you may want to use some type of forensic analysis software like foremost, sleuthkit, etc... Cheers, peter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, September 12, 2006 1:22 PM To: [email protected] Subject: Re: RE: Mounting LVM image for analysis Hello : I was able to create images of logical volume by using command : dd if=/dev/mapper/VolGroup00-LogVol04 of=logvol.img How do I mount the image now for further analysis. Any thoughts will be appreciated. Thanks aashish ****************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement contract. ******************************************************************************
