Wednesday, May 8, 2013

Fedora Security Lab | Flight 1 (examining an encrypted drive)

Tonight I started to dig into learning more about computer security and forensics. As a new employee at Red Hat I'll be working to expand my knowledge of how Fedora's Security Spin can help me in this process.

Tonight's journey was to install the Spin and see if I could gain access to my laptop's HDD.

It was a success.

Now to tell you how I did it. While this may seem fairly basic, it took around 2hr to complete this task (this includes 30 min to download and install the spin).

Once I became familiar with the spin I began trying to mount my HDD (sda).

A fairly simple task (for my boot partition):
mount /dev/sda1 /media
I unmount the partition here (so that I can use media as a general mount point).

However mounting my second partition (sda2) was not so easy, for two reasons.

  1. I use LUKS to encrypt this partition
  2. I use LVM to further partition this block partition.
Because of this I first had to find a way to mount my LUKS partition, which means unlocking the partition.
cryptsetup luksOpen /dev/sda2 drive
Enter passphrase for /dev/sda2:
What this command does is provide me with an LVM mapping for sda2 to /dev/mapper/drive. With this complete I can then scan all of the drives on the system and provide LVM mappings for each of the LVM partitions.
vgscan
vgchange -ay VolGroup00
Following these commands, you simply mount the partitions from your LVM volume group just like you would any regular partition.
mount /dev/mapper/VolGroup00-root /media/
As I stated at the beginning, while not overly complicated, if you're unfamiliar with working with storage devices, LVM and LUKS, this process can be fairly complicated and involved.
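
The same sequence as an added example (not part of the original post): it opens the LUKS container read-only so the examined disk is not modified, and includes the teardown steps. The function names (run, dm_path, unlock_ro, lock) and the DRY_RUN switch are assumptions of this sketch; the device, mapping and volume group names are the ones used above.

```shell
#!/bin/sh
# Added example: read-only unlock and mount of a LUKS + LVM disk, plus teardown.
# DRY_RUN=1 (the default) only prints each command; set DRY_RUN=0 as root to execute.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# device-mapper joins the VG and LV names with "-" and doubles any "-"
# that appears inside either name (vg-data/home -> vg--data-home).
dm_path() {
    vg=$(printf '%s' "$1" | sed 's/-/--/g')
    lv=$(printf '%s' "$2" | sed 's/-/--/g')
    printf '/dev/mapper/%s-%s\n' "$vg" "$lv"
}

# unlock_ro DEVICE MAPPING_NAME VG LV MOUNTPOINT
unlock_ro() {
    # Refuse to continue if the partition has no LUKS header.
    run cryptsetup isLuks "$1" || { echo "$1 is not a LUKS device" >&2; return 1; }
    # --readonly makes the decrypted mapping itself read-only.
    run cryptsetup luksOpen --readonly "$1" "$2" || return 1
    run vgscan || return 1
    run vgchange -ay "$3" || return 1
    # A dirty ext4 journal cannot be replayed on a read-only device;
    # in that case the mount needs "-o ro,noload".
    run mount -o ro "$(dm_path "$3" "$4")" "$5"
}

# lock MAPPING_NAME VG MOUNTPOINT: undo unlock_ro in reverse order
lock() {
    run umount "$3"
    run vgchange -an "$2"
    run cryptsetup luksClose "$1"
}
```

Calling unlock_ro /dev/sda2 drive VolGroup00 root /media prints the commands from this post with the read-only options added; lock drive VolGroup00 /media prints the matching teardown.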