Forums
Main Category
General (Technical,...
Convert .e01 to run...
 
Notifications
Clear all

Convert .e01 to run on VMware

 
Page 1 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by jaclaz 7 years ago
12 Posts
9 Users
0 Reactions
13.6 K Views
RSS
 redusadaz
(@redusadaz)
Active Member
Joined: 15 years ago
Posts: 7
Topic starter 28/11/2012 6:37 pm  

All

I'm trying to convert my image to run on VMware, but don't appear to be having much luck, or there is an easier way. I am following these instructions

http//www.computerforensicsworld.com/modules.php?name=Forums&file=viewtopic&t=3049


   
Quote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
28/11/2012 6:38 pm  

Which method did you use? Several were discussed in the thread…


   
ReplyQuote
 redusadaz
(@redusadaz)
Active Member
Joined: 15 years ago
Posts: 7
Topic starter 28/11/2012 7:02 pm  

I've mounted with mount image pro, and then trying to use liveview to process


   
ReplyQuote
 ddelija
(@ddelija)
Active Member
Joined: 17 years ago
Posts: 14
28/11/2012 7:38 pm  

it really depends on which version of vmarwe workstation are you using and forensic Sw or image mountig software…

more or less it works well on windows XP, with encase and latest workstation

but can be tricky on win 7

There are some info on that on guidance support forum


   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
28/11/2012 8:46 pm  

I've mounted with mount image pro, and then trying to use liveview to process

And what was the result? Did you get an error message from LiveView? If so, what was it, exactly?


   
ReplyQuote
 eyez0n
(@eyez0n)
Eminent Member
Joined: 18 years ago
Posts: 29
28/11/2012 11:58 pm  

I normally use FTK Imager to mount the .e01 and then LiveView to create the Virtual Machine (both of which are FREE!). My understanding is that LiveView is no longer supported and does not properly create VM's of Windows 7 boxes (I have not confirmed this yet for myself, however, so take it for what it is worth).

One of my co-workers used VFC (http//www.virtualforensiccomputing.com/) at his last place of employment and said it does work well with Windows 7 images. We have submitted a purchase request for it but not yet received the software so I cannot confirm its funcitonality (although I explicitly trust the co-worker's judgement).


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
30/11/2012 1:44 am  

I would much more plainly use
http//www.osforensics.com/tools/mount-disk-images.html
convert the thingy to RAW and then make either a .pln or a .vmdk descriptor file for it.

Then I would see if a Windows repair would make it boot under VMware.

jaclaz


   
ReplyQuote
 YurikSoft
(@yuriksoft)
New Member
Joined: 7 years ago
Posts: 1
03/12/2018 10:18 am  

You can try connect .e01 disk images to VMware Workstation without converting it.
You can use Disk Adapter For VMware Workstation for this.
This link to article how it works https://www.yuriksoft.com/connecting-forensics-images-to-virtual-vmchine.html
And video instruction https://youtu.be/eZn5FrNqk1g


   
ReplyQuote
 EntT
(@entt)
Active Member
Joined: 7 years ago
Posts: 5
03/12/2018 10:50 am  

If you mount the E01 using FTK Imager, you don't have to convert to RAW and take up double the disk space.

Of course, it won't boot very well if you don't allow write access which still makes you have to do a copy to keep your original E01 intact.

I use VirtualBox to boot the mounted image. You will have to run this first to create a .vmdk file
vboxmanage internalcommands createrawvmdk -filename "x\filename.vmdk" -rawdisk \\.\PhysicalDrive10Change filename path to whatever and the physicaldrive number to the one FTK Imager created.


   
ReplyQuote
 Dimi
(@dimi)
Active Member
Joined: 8 years ago
Posts: 13
03/12/2018 11:55 am  

Use the linux tool 'xmount' to convert de E01 to VDI of VMDK


   
ReplyQuote
Page 1 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: