Skip to primary content
ConsortiumInfo.org
Search
Sponsored by Gesmer Updegrove
  • Blog
  • About
  • Guide
  • SSO List
  • Meta Library
  • Journal
meta library

The Linux Kernel and the Forensic Acquisition of Hard Disks with an Odd Number of Sectors

Title
The Linux Kernel and the Forensic Acquisition of Hard Disks with an Odd Number of Sectors
Author
Jesse Kornblum, Computer Crime and Intellectual Property Section of the United States Department of Justice
Date
10/27/2008
(Original Publish Date: 9/22/2004)
Abstract
No official version of the Linux kernel, up through and including version 2.4, allowed a user land process to access the last sector of a hard disk or hard disk partition with an odd number of sectors. Although the inability to access this last sector did not affect normal operation of the system, it did prevent the complete forensic acquisition of such a disk. The author repeats an earlier experiment to verify the issue in version 2.4 of the kernel and then shows that the issue has been resolved in version 2.6. Systems using version 2.6 of the Linux kernel can completely forensically acquire disks or partitions with an odd number of sectors.
Link
Full Text (PDF)
Technical Areas
  • By Technical Area
  • General/Other
  • Linux
  • North America
  • Open Source
  • Regional/National
  • Safety
  • Security
  • Standards & Society
Gesmer Updegrove
  • Terms of Use and Privacy Policy
  • Contact
  • Sitemap