vitaly-kamluk / bitscout

Remote forensics meta tool

GNU General Public License v2.0

461 stars 109 forks source link

NBD client and NBD server. #11

Closed melorium closed 7 years ago

melorium commented 7 years ago

I installed today the NBD server and client into the cointanier 10.0.3.2 Im able to list the block devicea from the expert machine With the command nbd-client -l 10.1.0.2 2000. And i tried to export evidence0 but i didnt understand how to map it from expert machine. Do you have any idea how the server conf should be and the syntax from the expert machine to map evidence0 as a local media? Dennis

melorium commented 7 years ago

Do you have plans for compile NDB in your solution here? Can evidence0 be exported with a network block server? Dennis

vitaly-kamluk commented 7 years ago

Hello Dennis, Thank you for your continued interest to the project. You may find a good description on how to access evidence0 over the network in this wiki page: https://github.com/vitaly-kamluk/bitscout/wiki/Advanced-Usage

Let us know if it worked for you!

melorium commented 7 years ago

Thank you very much :)

melorium commented 7 years ago

The first thing work real good and thanks a lot for that. I tried the nbc-server thing but I don't find it installed on the cd ??? but maybe I need ti install it in the iso. i didn't find the directory /etc/nbd-server Dennis

melorium commented 7 years ago

bcadmin@ubuntu:~$ sudo nbd-client -l 10.1.0.2 2000 Error: Socket failed: Connection refused

Get this all the time when I'm connecting to container

vitaly-kamluk commented 7 years ago

Ok, seems that nbd-server is not bundled with current public version of bitscout yet. You can either install it on live running system with # apt install nbd-server on container or add the package in scripts/chroot_install_base.sh and rebuild the iso.
We will update the project and include nbd-server soon to make it easy for all.

melorium commented 7 years ago

Yes il tried to install it on container and using the /etc/nbd-server/config you told me but when I connect I get this error "bcadmin@ubuntu:~$ sudo nbd-client -l 10.1.0.2 2000 Error: Socket failed: Connection refused"

melorium commented 7 years ago

Everything works real good now with NBD. I find out that I need to RW it in the config. Don't know why but here is my config for NBD server

[generic]

If you want to run everything as root rather than the nbd user, you

may either say "root" in the two following lines, or remove them

altogether. Do not remove the [generic] section, however.

    user = nbd
    group = nbd
    includedir = /etc/nbd-server/conf.d
    port = 2000

What follows are export definitions. You may create as much of them as

you want, but the section header has to be unique.

[Bitscout]

    exportname = /dev/host/evidence0
    readonly = true

melorium commented 7 years ago

haha somthing get wrong there but "readonly = true" did it.

Dennis

melorium commented 7 years ago

I run the linuxshell included in Windows 10 and now I'm able to open the blockdevice NDB from X-Was. Its a very good solution for remote forensics.

I use the imager in W-Ways now.

Thanks you for a fantastic software.

Dennis