Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Live USB Backtrack Version - Does it access the HDD?

  1. #1
    Just burned his ISO LinuxNewbie's Avatar
    Join Date
    Jan 2010
    Posts
    1

    Question Live USB Backtrack Version - Does it access the HDD?

    Hello, i am sorry for the newb question but i was wondering if it does or not? thanks

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Live USB Backtrack Version - Does it access the HDD?

    It can run without accessing the hard drive. What are you concerned about exactly?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    2

    Default Re: Live USB Backtrack Version - Does it access the HDD?

    when I run my (almost persistant) usb-BT it can see the laptops harddrive, and access files on it.

    But other than that I do not think it will touch enything without you telling it to do so.

  4. #4
    Member whitelisted's Avatar
    Join Date
    Feb 2010
    Posts
    72

    Default Re: Live USB Backtrack Version - Does it access the HDD?

    it will mount and use any linux swap partitions that it can find on your hard disk drives unless you boot into forensic mode.

    It access your other partitions (read only) when it is trying to locate filesystem.squashfs.

    If you have any ext3, ext4, or ntfs filesystems that weren't cleanly unmounted, it might reapply the journal even in forensics mode. There might be a fix for this soon.

  5. #5
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default Re: Live USB Backtrack Version - Does it access the HDD?

    Quote Originally Posted by whitelisted View Post
    it will mount and use any linux swap partitions that it can find on your hard disk drives unless you boot into forensic mode.
    That was actually a question I had. When you boot Backtrack in forensic mode does it overwrite the memory stored in RAM?

  6. #6
    Member
    Join Date
    Feb 2010
    Posts
    103

    Default Re: Live USB Backtrack Version - Does it access the HDD?

    well, it depends on you, what you want it to do.You can access HDD by mounting its partitions etc, or when you install BackTrack then obviously you access HDD as well.

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Live USB Backtrack Version - Does it access the HDD?

    Quote Originally Posted by Kitten View Post
    That was actually a question I had. When you boot Backtrack in forensic mode does it overwrite the memory stored in RAM?
    That's not actually the same question (swap partitions are on disk not in memory), but yes, loading BackTrack will overwrite at least some of the contents of your memory. BackTrack requires memory to operate, so it has to. Operating Systems that are used to copy the contents of physical RAM (such as in a cold boot style attack) will usually be extremely small in order to minimise the amount of memory overwritten, but even they will overwrite some memory. BackTrack is not extremely small, and was not designed for that particular application.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    4

    Default Re: Live USB Backtrack Version - Does it access the HDD?

    Quote Originally Posted by whitelisted View Post
    it will mount and use any linux swap partitions that it can find on your hard disk drives unless you boot into forensic mode.

    It access your other partitions (read only) when it is trying to locate filesystem.squashfs.

    If you have any ext3, ext4, or ntfs filesystems that weren't cleanly unmounted, it might reapply the journal even in forensics mode. There might be a fix for this soon.
    AFAIK, BackTrack 4 Final release removed all ext3/4, ntfs kernel modules from initrd image, so BackTrack would not recover these damaged file systems. However, this didn't fix a more serious bug that may result in wiping the whole drive when booting

  9. #9
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    4

    Default Re: Live USB Backtrack Version - Does it access the HDD?

    Quote Originally Posted by whitelisted View Post
    it will mount and use any linux swap partitions that it can find on your hard disk drives unless you boot into forensic mode.

    It access your other partitions (read only) when it is trying to locate filesystem.squashfs.

    If you have any ext3, ext4, or ntfs filesystems that weren't cleanly unmounted, it might reapply the journal even in forensics mode. There might be a fix for this soon.
    AFAIK, BackTrack 4 Final removed all ext3/4, ntfs kernel modules from initrd. So BackTrack will no longer recover these file systems during the boot.

  10. #10
    Member whitelisted's Avatar
    Join Date
    Feb 2010
    Posts
    72

    Default Re: Live USB Backtrack Version - Does it access the HDD?

    • boot from the live image
    • hit [down] twice to select forensics mode from the boot menu
    • hit [e] to edit the boot parameters
    • hit [e] again to edit the kernel line
    • add the argument "break=bottom" to the boot parameters
    • hit [enter]
    • hit [b] to boot using the modified boot parameters


    You should eventually find yourself at a prompt reading "(initramfs)". This is a bash shell located in the initramfs miniroot just before /proc, /dev, and /sys are remounted onto /root, which will eventually become your root filesystem.

    Code:
    (initramfs) egrep '(ntfs|ext[234])' /proc/filesystems
           ext3
           ext2
           ext4
           ext4dev
           ntfs
    (initramfs) /root/bin/lsmod | egrep '(ntfs|ext[234])' 
    (initramfs) gunzip -c /proc/config.gz | egrep -i '(ntfs|ext[34])' 
    CONFIG_EXT3_FS=y
    # CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
    CONFIG_EXT3_FS_XATTR=y
    CONFIG_EXT3_FS_POSIX_ACL=y
    CONFIG_EXT3_FS_SECURITY=y
    CONFIG_EXT4_FS=y
    CONFIG_EXT4DEV_COMPAT=y
    CONFIG_EXT4_FS_XATTR=y
    CONFIG_EXT4_FS_POSIX_ACL=y
    # CONFIG_EXT4_FS_SECURITY is not set
    CONFIG_NTFS_FS=y
    # CONFIG_NTFS_DEBUG is not set
    # CONFIG_NTFS_RW is not set
    (initramfs)
    Looks like the kernel has them compiled in statically.
    Last edited by whitelisted; 04-11-2010 at 05:35 AM.

Page 1 of 2 12 LastLast

Similar Threads

  1. Evaulation of my BT Home Hub Version 1.
    By JF1976 in forum BackTrack Howtos
    Replies: 3
    Last Post: 04-08-2010, 08:13 PM
  2. access bt4 running in virtualbox via vnc
    By bl0tch in forum Beginners Forum
    Replies: 5
    Last Post: 01-17-2010, 06:43 AM
  3. Live USB install - hard drive access
    By ForTheUSSR in forum Beginners Forum
    Replies: 2
    Last Post: 01-17-2010, 02:26 AM
  4. Problems with download Final Version 4
    By druss85 in forum Beginners Forum
    Replies: 4
    Last Post: 01-14-2010, 08:34 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •