Get Hands-on with Amazon EKS - Workshop Event Series

Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!

AWS linux forensic

we have create three AWS linux AMI volumes (Xvda1, xvdf1, xdvf2)from 3 forensic snapshot. now i need to mount to forensic instance(already have xvda1 and xvdf1), should I mount the three volumes from compromised instance to xvda2, xvdf2, xvdf3 in sequence in the forensic EC2 instance?

Topics: Compute
Tags: Amazon EC2
Language: English

AWS-User-6667474

asked 4 years ago281 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

From this distance it's not possible to say. It depends entirely on how they were mounted and how the original operating system used those volumes. If you intend to use the volumes in the same way as the original instance then they must be mounted in the same way on your forensic instance.

EXPERT

Brettski-AWS

answered 4 years ago

AWS-User-6667474
4 years ago
compromised instance: xvda1 ---/(mount point) xvdf1----/a (mount point) xvdf2-----/b (mount point)

forensic instance xvda1----/(mount point) xvdf1-----/c (mount point)

I can't mount xvda1 from compromised instance to forensic instance xvda1, because it will overwrite xvda1 partition, i should mount xvda1 from compromised instance to xvda2 of forensic instance or i should mount into xvdf2? as xvda1 is root partition in compromised instance.

Relevant content

Forensic and statistical analysis FAILED the exam
f12awsu
asked 4 years ago
Forensic and statistical analysis FAILED the exam
rePost-User-7330444
asked 3 years ago
Forensic and statistical analysis on the AWS Certified Solutions Architect exam
AWS-User-6123713
asked 4 years ago
EC2 instance /etc folder deleted , couldnt connect now AMI- ami-04b4f1a9cf54c11d0
rePost-User-5243116
asked a year ago
How can I mount an Amazon EFS volume to AWS Batch in a managed compute environment?
AWS OFFICIALUpdated a year ago
How do I copy my Amazon EBS snapshot data to my Amazon S3 bucket?
AWS OFFICIALUpdated 4 months ago
How do I convert the default MBR partitioning scheme of my CentOS EC2 instance to GPT so that I can bypass the 2-TiB limit for MBR partitions on my EBS volume?
AWS OFFICIALUpdated a year ago
How do I extend my Linux file system after I increase my Amazon EBS volume on my Amazon EC2 instance?
AWS OFFICIALUpdated 3 months ago
Increase the EBS volume in running EMR cluster
SUPPORT ENGINEER
Yokesh NK
published 2 years ago
Cloning a VM using pyVmomi in VMware Cloud on AWS
EXPERT
Patrick Kremer
published 2 years ago

AWS linux forensic

Add your answer

Relevant content