[ale] linux old timers question (late 1990s)

Greg Freemyer greg.freemyer at gmail.com
Wed Nov 22 14:36:57 EST 2006 

Jerry,

I never got it to boot, but I admit to not trying too hard.

I did successfully use gpart to scan the drive and identify an ext2
partition on the drive.  I have mounted it with "mount -o
loop,offset=".

Thanks for the suggestion and if I need it to boot I will try your
suggestion in more detail later.

Thanks
Greg

On 11/3/06, Jerry Yu <jjj863 at gmail.com> wrote:
> greg, did this work? I guess this is not a lot different from poping the
> drive into a generic old pc to try boot with the drive.
>
>
> On 11/1/06, Jerry Yu < jjj863 at gmail.com> wrote:
> > can you try to boot with it, using /usr/lib/syslinux/memdisk under a
> working Linux box?  Not from experience, but from RTFM.
> > Basically you'll need to do the following on a working Linux box:
> >
> >
> > cp /usr/lib/syslinux/memdisk to /boot
> > cp the disk image to /boot (assume named oldpc.img)
> > add a GRUB entry like something below:
> > Title  old PC image could be a 2.0 linux
> >                kernel /memdisk
> >                initrd /oldie.img
> >
> >
> > boot and select "old PC image could be a 2.0 linux"
> >
> >
> > On 11/1/06, Greg Freemyer <greg.freemyer at gmail.com> wrote:
> > > All,
> > >
> > > I have an old 80 MB disk I need to figure out/review.  Appears to be
> > > from the late 1990s.
> > >
> > > I've used dd to make a copy of it.
> > >
> > > It does not seem to have a traditional partition table and running
> > > file against it tells me:
> > >
> > > dd-image: Linux/x86 Kernel, Setup Version 0x201, zImage, RO-rootFS,
> > > root_dev 0xFF, Normal VGA
> > >
> > > Which is very close to what I get if I run file against a current
> > > kernel in /boot.
> > >
> > > So it looks like the the first portion of this 80 MB disk is a linux
> > > kernel.  Running strings against it I see:
> > >
> > > >>
> > > 4rz6
> > > C9m{
> > > 8;R~
> > > gP~IA~q
> > > olh~
> > > t0DO
> > > ~c-f9
> > > 4*{&j
> > > ca)m
> > > ]ZF*
> > > sY>L
> > > E]xb
> > > RQSP
> > > Loading
> > > $HdrS
> > > ZZuC
> > > PQ0
> > > No setup signature found ...
> > > Wrong loader, giving up...
> > > 2.0.29 (source at alyshia) #51 Mon Apr 7 02:49:06 PDT 1997
> > > INT15 refuses to access high mem, giving up...
> > > <<
> > >
> > > Which makes me think that this is a 2.0.29 kernel from 1997.  (I don't
> > > know if those dates are consistent or not.)
> > >
> > > Can anyone tell me how I can find a filesystem on this image?  ie.
> > > What is the offset to the start of any and all filesystems.
> > >
> > > I assume if I knew the offset I could do a mount -o loop  to mount it
> > > and take a look around at the filesystem.
> > >
> > > Thanks
> > > Greg
> > > --
> > > Greg Freemyer
> > > The Norcross Group
> > > Forensics for the 21st Century
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> > >
> >
> >
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
>


-- 
Greg Freemyer
The Norcross Group
Forensics for the 21st Century

More information about the Ale mailing list