Hello everyone.
I have taken forensic image of an harddisk with MacQuisition CF. Extension of the image files are .dmg…
Can anyone help me how can i convert this format into .E01 or dd.
thanks.
You can use free AccessData FTK Imager
open .dmg file and next export disk image
You can choose E01, DD, AFF etc
Hello everyone.
I have taken forensic image of an harddisk with MacQuisition CF. Extension of the image files are .dmg…
Can anyone help me how can i convert this format into .E01 or dd.
thanks.
Another simple method, unfortunately requires MAC OSX
hdiutil convert YourDiskImage.dmg -format UDTO -o YourDiskImage.dd
I tried FTK Imager. It does not work. I have files like .dmg, .001.dmgpart, .002.dmgpart… Goes on. FTK Imager only works .dmg file. it does not see the other image files.
does hdutil process all the image files?
sure,
hdiutil convert ./YourFile.dmg -format UDRO -o BigFile.dmg
If you have Mac, or just dvd with Mac installer, you can use also "Disk Utility" it should do it also.
Thanks Michalwrp. it works.
I used Disk Utility and made one single big file. By mac computer I mounted dmg file. Now I can convert to the other image formats.
being newbie makes this job difficult, I think.
I am very pleased..
Just make sure you mount these .dmg image read-only.
And don’t worry to being newbie. Computer Forensic is so huge interdisciplinary area, that we all are newbies sometimes… )
being newbie makes this job difficult, I think.
Trust me there is much more 😉
There will always be something new in the field that you will encounter that will make you feel like you don't know anything. That being said however, don't think that a) things will work as advertised b) there is not another way c) you are not good/smart/experienced enough. Its a hacker mentality that is needed as a base for this field - just be patient and try not to get overly frustrated P
Someone correct me if I am wrong, but .DMG is a raw file format, exactly the same as .DD. The only difference being the file extension (and the fact that to mount a .DMG file in a native Mac environment, the first image segment must be named .dmg and the rest of the segments must be numbered sequentially and end in .dmgpart). Renaming the file segments sequentially to .dd would work fine. Or, if using Guidance Software's illustrious tool, simply adding the segments (in the proper order) as a raw image would also work.
-db
Not quite,
Dmg is kind of raw disk, but can have build in compression function (CUDIFEncoding) and encryption (CEncryptedEncodin). So I think it is better to convert it first, to make no mistake, especially in forensics…