CAINE Live CD uses the USA keyboard layout.
We suggest to change the layout using the program “Keyboard Preferences” in System -> Preferences, in the GNOME menu or using the command “sudo setxkbmap -layout xy” (xy = “it”, “gb”, “de”…) in the command line. BTW there is a launcher on the desktop.
In the CAINE TEXT MODE only, change the keyboard layout by
“sudo loadkeys xy” (xy = “it”, “gb”, “de”…)
Andiamo a vedere le partizioni del pc
fdisk -l
Instructions:
Left-click the disk icon to mount a device.
Right-click the disk icon to change the system mount policy.
Middle-click will close the mounter application. Relaunch from the menu.
The mounted devices will not be affected by mount policy changes. Only subsequent mounting operations will be affected.
– If the user decides to mount a device via terminal, he can use the “mount” command but all the mount options must be specified.
– If the user wants to mount and write on an NTFS media should instead use the “ntfs-3g” command (e.g., $ sudo ntfs-3g -o rw /dev/sda1 /media/sda1).
sudo ntfs-3g -o rw /device-path /your-mount-point
You can redirect the output on an RW mounted device in these ways:
- Terminal window –> sudo su –> (eg. fdisk -lu > /media/sdb1/fdisk.txt)
- Terminal window –> output redirect in, for example: /home/caine, then sudo cp fdisk.txt /media/sdb1
- sudo bash -c “fdisk -lu > /media/sdb1/fdisk.txt”
The ext3 driver will be ignored when ext2 and ext3 partitions are mounted in the future and the ext2 driver used instead. This protects any ext3 partitions from a forensic point-of-view. Ext2 does not use journaling, so when an ext3 partition is mounted, there is no danger of modifying the meta-data when increasing the count inside said journal.
Applying a special patch (Maxim Suhanov’s patch) we fixed the bug, that changed the journal of the ext3/ext4 file system, when the computer was switch off not using the shutdown procedure. Fixed in the fstab: forbidding the auto-mounting of the MMCs and put a control for the “esotic names” like /dev/sdad1
Bash Scripts Tools directory:
the tools MUST be launched by sudo sh script_name.sh
Check ‘foremost.conf’ you can add your own definitions there for headers, also see the magic file ‘whereis magic’, it has headers to be able to identify file types:
#------------------------------------------------------------------------------ # sql: file(1) magic for SQL files # # From: "Marty Leisner" <mleisner@eng.mc.xerox.com> # Recognize some MySQL files. # 0 beshort 0xfe01 MySQL table definition file >2 byte x Version %d 0 belong&0xffffff00 0xfefe0300 MySQL MISAM index file >3 byte x Version %d 0 belong&0xffffff00 0xfefe0700 MySQL MISAM compressed data file >3 byte x Version %d 0 belong&0xffffff00 0xfefe0500 MySQL ISAM index file >3 byte x Version %d 0 belong&0xffffff00 0xfefe0600 MySQL ISAM compressed data file >3 byte x Version %d 0 string \376bin MySQL replication log
Now just add a new entry to the ‘foremost.conf’ follow the other examples there.