AIX raw image forensic

(@nalaka)
Posts: 1
New Member
Topic starter
 

Hi All,

Is there anyone who has conducted forensic analysis on an AIX image? Even though the Linux kernel supports the JFS file system, I can't mount the raw AIX disk images in Linux. Is there any specific software we could use to mount the image or do a forensic investigation on Linux or Windows?

 
Posted : 10/07/2015 3:41 pm
(@cvanaernam)
Posts: 10
Active Member
 

If you have access to EnCase, we were able to get v6.19 to display the contents of a DD image of an AIX system. Once you add the raw image, you need to right-click on the evidence and then scan for LVM before the data presents itself.

The OS uses Logical Volume Management, which abstracts the storage from the physical hardware. On top of LVM, AIX uses the JFS filesystem.

 
Posted : 12/08/2015 2:15 am
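
An added example, not part of any post in this thread: a read-only triage of the first sectors of a raw image that shows why a direct JFS mount finds nothing when the image is an AIX LVM physical volume. The offsets (IPL magic in sector 0, LVM record in sector 7 and its field layout, taken from the Linux kernel's AIX partition parser) are assumptions about the image at hand, and the function names and sample image are constructed here.

```python
import io
import struct

SECTOR = 512
IPL_MAGIC = bytes.fromhex("c9c2d4c1")  # "IBMA" in EBCDIC at the start of sector 0
LVM_MAGIC = b"_LVM"                    # start of the LVM record in sector 7
LINUX_JFS_SB = 0x8000                  # where Linux JFS expects its "JFS1" superblock

def read_at(f, offset, length):
    f.seek(offset)
    return f.read(length)

def triage(f):
    """Classify a raw disk image (seekable binary file object) from its first 33 KiB."""
    report = {
        "aix_ipl_record": read_at(f, 0, 4) == IPL_MAGIC,
        "aix_lvm_record": False,
        "linux_jfs_superblock": read_at(f, LINUX_JFS_SB, 4) == b"JFS1",
    }
    rec = read_at(f, 7 * SECTOR, 64)
    if len(rec) == 64 and rec[:4] == LVM_MAGIC:
        # Assumed layout (Linux block/partitions/aix.c); all fields big-endian.
        vgda_psn = struct.unpack_from(">2I", rec, 28)  # sectors of the two VGDA copies
        (pp_log2,) = struct.unpack_from(">H", rec, 48)  # log2 of physical partition size
        (version,) = struct.unpack_from(">H", rec, 62)
        report.update(
            aix_lvm_record=True,
            lvm_version=version,
            vgda_sectors=list(vgda_psn),
            pp_size_bytes=(1 << pp_log2) if pp_log2 < 48 else None,
        )
    if report["aix_lvm_record"]:
        report["verdict"] = "AIX LVM physical volume: map logical volumes before looking for a filesystem"
    elif report["linux_jfs_superblock"]:
        report["verdict"] = "bare JFS filesystem: a direct read-only mount is plausible"
    else:
        report["verdict"] = "unrecognised layout"
    return report

def build_sample():
    """Constructed 40 KiB image: IPL magic plus an LVM record with 128 MiB partitions."""
    img = bytearray(40 * 1024)
    img[0:4] = IPL_MAGIC
    img[7 * SECTOR:7 * SECTOR + 4] = LVM_MAGIC
    struct.pack_into(">2I", img, 7 * SECTOR + 28, 128, 2226)  # constructed VGDA sectors
    struct.pack_into(">H", img, 7 * SECTOR + 48, 27)          # log2(128 MiB)
    struct.pack_into(">H", img, 7 * SECTOR + 62, 1)           # record version
    return io.BytesIO(bytes(img))
```

On a real case, pass `open(path, "rb")` for a working copy of the image so the evidence file is never opened for writing.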
(@dmitri)
Posts: 12
Active Member
 

We specialize in challenging RAID recoveries, and I haven't seen a tool that could handle each and every AIX job properly. I think that is because AIX is quite an uncommon thing.

We have developed our own data recovery software, which supports AIX properly.
I need more info to comment on forensic analysis, but I will be happy to help with recovery remotely.
Please feel free to contact me if necessary.

 
Posted : 16/08/2015 5:25 am