Raspberry Pi 2
Maybe we should try (as best we can) to share one of the newer and
faster Raspberry Pi 2s.
If you can’t get to your own Pi,
connect to uncacsci-pi2-c.cs.unca.edu as user
pi using the usual password.
Quickly create a login for yourself and place this account
in the group
Log back into uncacsci-pi2-c.cs.unca.edu with the account you just created and make sure you can do the sudo command.
Take a look at a saved script of repartitioning a Raspberry Pi disk to have an additional primary partition and an extended partition, which can later be used to build logical partitions. You can log into your Pi and try it out or you can watch while these operations are performed on uncacsci-pi2-c.cs.unca.edu.
In any case, the system will need to be rebooted for the kernel to use the new partitions.
Making logical volumes
Take a look at a saved script of creating logical volumes. After the system reboots, we will use the LVM utilities to make some logical volumes. We also use mkfs to format some file systems.
You can try this on your Pi or your virtual machine. Once the volume group is created on uncacsci-pi2-c.cs.unca.edu, we can all create our own logical volumes; however, you will need to create small logical volumes quickly.
In any case, you should use reasonable names for your logical volumes and edit /etc/fstab so your file system will be mounted when the system boots.
Trying out a loopy device
In computer forensics, you may be analyzing a copy of a file system that has been copied to a regular file. You can create a working copy of the original file stored in a regular file using a loop device. It is a good idea to do this in read-only mode.
Of course, doing this requires a copy. Use the ever useful dd to make a copy of the /boot file system on your Pi. Don’t be messing with /boot while you are copying its bits. That will mess things up.
The /boot partition is formatted using a VFAT file system. The VFAT file system was introduced in Windows 95. If you’d like to be even more old-fashioned, you can download a real image of an MS-DOS formatted floppy disk. In case your dd failed, you can also download an image of /boot.
Now it’s time to try out the losetup command. This is a little involved, so take a look at a saved script of mounting the file copy using the loop device.
My big FAT Geek Wading
It’s useful to have a little information about file system forensics. It’s most useful if the information is about a widely used file system, like NTFS; but we will settle for the good ole FAT system which, after all, is used in every digital camera and almost all USB sticks.
Here are a few useful references about the FAT file system.
- Microsoft’s specification
- The FAT File System, a very nice description written by Igor Kholodov for an A+ certification course at Bristol (Massachusetts) Community College
- FAT and the forensics Wiki
On your Pi, look for the file /boot/cmdline.txt. We are going to find this the hard way in class using the copy of /boot you made earlier.
You will need to take notes because my notes are nothing more than a script file of my latest attempt. (I hope I didn’t delete anything important when I got rid of all my bad commands.)
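What finding /boot/cmdline.txt "the hard way" involves, as an added example (not the class script or any code from this page): a Python sketch that decodes the boot sector, lists root-directory entries (flagging deleted ones) and follows the FAT chain to the file's data. It assumes a FAT16 volume and short 8.3 names; the function names are illustrative, and sample_image() builds a constructed volume, not a real /boot copy.

```python
import struct

def layout(img):
    """Return byte offsets (fat, root, nroot, data, cluster_size) from the boot sector."""
    bps, spc, rsvd, nfats, nroot, _, _, fatsz = struct.unpack_from("<HBHBHHBH", img, 11)
    if nroot == 0 or fatsz == 0:
        raise ValueError("FAT32 layout: root directory is a cluster chain, not handled here")
    root = (rsvd + nfats * fatsz) * bps                  # root directory follows the FATs
    data = root + (nroot * 32 + bps - 1) // bps * bps    # cluster 2 starts here
    return rsvd * bps, root, nroot, data, spc * bps

def read_chain(img, cluster):
    """Walk the 16-bit FAT from `cluster` and return the concatenated cluster data."""
    fat, _, _, data, csize = layout(img)
    out, seen = b"", set()
    while 2 <= cluster < 0xFFF7 and cluster not in seen:  # end mark, bad cluster or loop
        seen.add(cluster)
        out += img[data + (cluster - 2) * csize:data + (cluster - 1) * csize]
        cluster = struct.unpack_from("<H", img, fat + 2 * cluster)[0]
    return out

def root_entries(img):
    """Yield (name, deleted, first_cluster, size) for each 8.3 root-directory entry."""
    _, root, nroot, _, _ = layout(img)
    for off in range(root, root + nroot * 32, 32):
        e = img[off:off + 32]
        if e[0] == 0x00:                  # never-used slot: end of directory
            break
        if e[11] & 0x08:                  # volume label or long-name fragment
            continue
        cluster, size = struct.unpack_from("<HI", e, 26)
        name = (e[:8].decode("latin-1").rstrip() + "." + e[8:11].decode("latin-1")).rstrip(". ")
        yield name, e[0] == 0xE5, cluster, size   # 0xE5 in byte 0 marks a deleted entry

def extract(img, wanted):
    """Return the contents of a live (not deleted) root-directory file, or None."""
    for name, deleted, cluster, size in root_entries(img):
        if name == wanted and not deleted:
            return read_chain(img, cluster)[:size]

def sample_image():
    """Constructed FAT16 volume (not a real /boot); CMDLINE.TXT sits in clusters 2 and 5."""
    text = b"console=tty1 root=/dev/mmcblk0p2 rootwait " * 14   # 588 bytes, > one cluster
    img = bytearray((1 + 17 + 1 + 4200) * 512)   # boot sector, FAT, root directory, data
    struct.pack_into("<HBHBHHBH", img, 11, 512, 1, 1, 1, 16, 4219, 0xF8, 17)
    struct.pack_into("<6H", img, 512, 0xFFF8, 0xFFFF, 5, 0, 0, 0xFFFF)   # FAT: 2 -> 5 -> end
    struct.pack_into("<11sB14xHI", img, 18 * 512, b"CMDLINE TXT", 0x20, 2, len(text))
    img[19 * 512:20 * 512] = text[:512]                      # cluster 2
    img[22 * 512:22 * 512 + len(text) - 512] = text[512:]    # cluster 5
    return bytes(img)
```

To run it on the dd copy made earlier, read the file in binary mode and pass the bytes to root_entries() or extract().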
Warning: Expect an upcoming homework like Homework 7 in the Spring 2013 CSCI 331.
Where is your system?
Here is my Pi chart.
atyas-pi IN A 188.8.131.52
kazantsev-pi IN A 184.108.40.206
andrae-pi IN CNAME uncacsci-pi-i
el-khouri-pi IN CNAME uncacsci-pi-a
hayes-pi IN CNAME uncacsci-pi-e
henderson-pi IN CNAME uncacsci-pi-c
matney-pi IN CNAME uncacsci-pi-w
mccallen-pi IN CNAME uncacsci-pi-n
mcdaniel-pi IN CNAME uncacsci-pi-s
nowak-pi IN CNAME uncacsci-pi-k
sarkisov-pi IN CNAME uncacsci-pi-j
schroeder-pi IN CNAME uncacsci-pi-y
staley-pi IN CNAME uncacsci-pi-v