problems with iPods

I have a 160GB iPod mounted on my Mac which cannot be read with Sleuthkit.

Here are my file systems:

You have new mail.
simsong@m:~$ df
Filesystem      1K-blocks       Used  Available Capacity  Mounted on
/dev/disk0s2   1952925656 1809959328  142710328    93%    /
devfs                 112        112          0   100%    /dev
map -hosts              0          0          0   100%    /net
map auto_home           0          0          0   100%    /home
/dev/disk3s2    156093728   32153536  123940192    21%    /Volumes/NPS Test User 1’s iPod
/dev/disk1s2      1074316    1025180      49136    96%    /Volumes/MacSpeech English Data

But notice that mmls doesn't recognize the partition:

simsong@m:~$ mmls /dev/rdisk3
Cannot determine partition type
simsong@m:~$ mmls -t list
Supported partition types:
        dos (DOS Partition Table)
        mac (MAC Partition Map)
        bsd (BSD Disk Label)
        sun (Sun Volume Table of Contents (Solaris))
        gpt (GUID Partition Table (EFI))
simsong@m:~$ mmls /dev/rdisk3
Cannot determine partition type
simsong@m:~$ mmls -t dos /dev/rdisk3
Invalid magic value (File is not a DOS partition (invalid primary magic) (Sector: 0))
simsong@m:~$ mmls -t mac /dev/rdisk3
Error reading image file (raw_read - offset: 512 - len: 65536 - Invalid argument) (MAC Partition entry 1)
simsong@m:~$ mmls -t bsd /dev/rdisk3
Error reading image file (raw_read - offset: 512 - len: 65536 - Invalid argument) (BSD Disk Label in Sector: 1)
simsong@m:~$ mmls -t sun /dev/rdisk3
Invalid magic value (SUN (intel) partition table (Sector: 0) 0)
simsong@m:~$ mmls -t gpt /dev/rdisk3
Invalid magic value (Missing DOS safety partition (invalid magic) (Sector: 0))

Well, I know where the partition is, so let's try to access it directly with fls:

simsong@m:~$ fls /dev/rdisk3s2
hfs_dinode_copy error: folder has non-directory type 0

Huh. It identified it as an HFS file system, but it couldn't read it.

Notice that fls works fine on my root filesystem, which is also HFS:

simsong@m:~$ sudo fls /dev/rdisk0s2
Password:
r/r 236078: .DS_Store
r/r 867325: .DS_Store (from old Mac)
r/r 80520: .file
d/d 236992: .fseventsd
d/d 19: .HFS+ Private Directory Data
r/r 236777: .hotfiles.btree
r/r 16: .journal
r/r 17: .journal_info_block
d/d 237046: .Spotlight-V100
r/r 867327: .SymAVQSFile
r/r 867329: .symSchedScanLockxz
d/d 20: .Trashes
d/d 26103: .vol
r/r 21: .VolumeIcon.icns
d/d 293: Applications
d/d 2412505: bak
d/d 24060: bin
d/d 80532: cores
d/d 2422859: corp
d/d 867331: DARPA
r/r 1021197: darpa-report-nist-090520.doc
d/d 24771: dev
d/d 920633: Developer
l/l 24772: etc
d/d 237017: home
d/d 2412497: ISOs
d/d 393: Library
r/r 26170: mach_kernel
d/d 1021201: mnt
d/d 237016: net
d/d 80530: Network
d/d 2228419: opt
d/d 1021205: opt.x
d/d 199: private
d/d 4498: sbin
d/d 217: System
l/l 24812: tmp
d/d 37264: Users
d/d 288: usr
l/l 24813: var
d/d 26104: Volumes
d/d 1532461: xfer from alex
d/d 18: ����HFS+ Private Data
simsong@m:~$

Anybody have a work-around?

_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
Re: problems with iPods

After looking at the image that Simson was able to share with me, it is because the system is using 4096-byte sectors and TSK is assuming 512-byte sectors. Bugs have been logged.

On Sep 9, 2009, at 3:36 PM, Simson Garfinkel wrote:

> I have a 160GB iPod mounted on my Mac which cannot be read with
> Sleuthkit.
>
> Here are my file systems:
>
>
> You have new mail.
> simsong@m:~$ df
> Filesystem 1K-blocks Used Available Capacity Mounted on
> /dev/disk0s2 1952925656 1809959328 142710328 93% /
> devfs 112 112 0 100% /dev
> map -hosts 0 0 0 100% /net
> map auto_home 0 0 0 100% /home
> /dev/disk3s2 156093728 32153536 123940192 21% /Volumes/NPS Test User 1’s iPod
> /dev/disk1s2 1074316 1025180 49136 96% /Volumes/MacSpeech English Data
>
> But notice that mmls doesn't recognize the partition:
>
> simsong@m:~$ mmls /dev/rdisk3
> Cannot determine partition type
> simsong@m:~$ mmls -t list
> Supported partition types:
> dos (DOS Partition Table)
> mac (MAC Partition Map)
> bsd (BSD Disk Label)
> sun (Sun Volume Table of Contents (Solaris))
> gpt (GUID Partition Table (EFI))
> simsong@m:~$ mmls /dev/rdisk3
> Cannot determine partition type
> simsong@m:~$ mmls -t dos /dev/rdisk3
> Invalid magic value (File is not a DOS partition (invalid primary magic) (Sector: 0))
> simsong@m:~$ mmls -t mac /dev/rdisk3
> Error reading image file (raw_read - offset: 512 - len: 65536 - Invalid argument) (MAC Partition entry 1)
> simsong@m:~$ mmls -t bsd /dev/rdisk3
> Error reading image file (raw_read - offset: 512 - len: 65536 - Invalid argument) (BSD Disk Label in Sector: 1)
> simsong@m:~$ mmls -t sun /dev/rdisk3
> Invalid magic value (SUN (intel) partition table (Sector: 0) 0)
> simsong@m:~$ mmls -t gpt /dev/rdisk3
> Invalid magic value (Missing DOS safety partition (invalid magic) (Sector: 0))
>
>
> Well, I know where the partition is, so let's try to access it
> directly with fls:
>
> simsong@m:~$ fls /dev/rdisk3s2
> hfs_dinode_copy error: folder has non-directory type 0
>
> Huh. It identified it as an HFS file system, but it couldn't read it.
>
> Notice that fls works fine on my root filesystem, which is also HFS:
> simsong@m:~$ sudo fls /dev/rdisk0s2
> Password:
> r/r 236078: .DS_Store
> r/r 867325: .DS_Store (from old Mac)
> r/r 80520: .file
> d/d 236992: .fseventsd
> d/d 19: .HFS+ Private Directory Data
> r/r 236777: .hotfiles.btree
> r/r 16: .journal
> r/r 17: .journal_info_block
> d/d 237046: .Spotlight-V100
> r/r 867327: .SymAVQSFile
> r/r 867329: .symSchedScanLockxz
> d/d 20: .Trashes
> d/d 26103: .vol
> r/r 21: .VolumeIcon.icns
> d/d 293: Applications
> d/d 2412505: bak
> d/d 24060: bin
> d/d 80532: cores
> d/d 2422859: corp
> d/d 867331: DARPA
> r/r 1021197: darpa-report-nist-090520.doc
> d/d 24771: dev
> d/d 920633: Developer
> l/l 24772: etc
> d/d 237017: home
> d/d 2412497: ISOs
> d/d 393: Library
> r/r 26170: mach_kernel
> d/d 1021201: mnt
> d/d 237016: net
> d/d 80530: Network
> d/d 2228419: opt
> d/d 1021205: opt.x
> d/d 199: private
> d/d 4498: sbin
> d/d 217: System
> l/l 24812: tmp
> d/d 37264: Users
> d/d 288: usr
> l/l 24813: var
> d/d 26104: Volumes
> d/d 1532461: xfer from alex
> d/d 18: ����HFS+ Private Data
> simsong@m:~$
>
>
> Anybody have a work-around?
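
The reply above puts the failure down to a 512-byte sector assumption on a device with 4096-byte sectors. As an added example (not part of the thread and not Sleuth Kit code), this Python code probes an image for partition-table signatures at several candidate sector sizes and walks an Apple Partition Map with the size it finds. The function names and the in-memory sample image are assumptions constructed for illustration.

```python
import struct

CANDIDATES = (512, 1024, 2048, 4096)
# Apple Partition Map entry: signature, pad, map entry count, start block,
# block count, partition name, partition type (all big-endian).
APM_ENTRY = struct.Struct(">2sHIII32s32s")

def declared_block_size(image):
    """Block size stored in the Driver Descriptor Map ("ER") in block 0, or None."""
    return struct.unpack(">H", image[2:4])[0] if image[:2] == b"ER" else None

def detect_sector_size(image):
    """Smallest candidate size at which block 1 starts with an APM or GPT signature."""
    for size in CANDIDATES:
        head = image[size:size + 8]
        if head[:2] == b"PM" or head == b"EFI PART":
            return size
    return None

def list_apm(image, sector_size):
    """Walk the APM, addressing blocks with sector_size; ValueError if it does not fit."""
    parts, count, index = [], 1, 1
    while index <= min(count, 64):          # cap guards against a corrupt count
        offset = index * sector_size
        raw = image[offset:offset + APM_ENTRY.size]
        if len(raw) < APM_ENTRY.size or raw[:2] != b"PM":
            raise ValueError(f"no APM entry at byte offset {offset}")
        _, _, count, start, length, name, ptype = APM_ENTRY.unpack(raw)
        text = [f.rstrip(b"\0").decode("ascii", "replace") for f in (name, ptype)]
        parts.append((text[0], text[1], start * sector_size, length * sector_size))
        index += 1
    return parts

def build_sample(sector_size=4096):
    """Constructed image (not from the thread): DDM in block 0, APM in blocks 1-2."""
    img = bytearray(sector_size * 8)
    img[0:4] = b"ER" + struct.pack(">H", sector_size)
    entries = [(1, 2, b"Apple", b"Apple_partition_map"), (3, 5, b"disk", b"Apple_HFS")]
    for i, (start, length, name, ptype) in enumerate(entries, 1):
        packed = APM_ENTRY.pack(b"PM", 0, len(entries), start, length, name, ptype)
        img[i * sector_size:i * sector_size + len(packed)] = packed
    return bytes(img)

if __name__ == "__main__":
    img = build_sample()
    size = detect_sector_size(img)
    print("detected sector size:", size, "declared:", declared_block_size(img))
    for part in list_apm(img, size):
        print(part)
```

Later Sleuth Kit releases accept a `-b dev_sector_size` option on `mmls` and `fls`, so a size found this way can be passed to the tools explicitly.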