How can I access ddimage archives?

22 Posts
10 Users
0 Reactions
2,016 Views
Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

My link was to some software that can interpret HFS+ once you get the image mounted with other tools. If these are Mac images, FTK Imager can virtually mount and interpret the file system.


   
(@mscotgrove)
Prominent Member
Joined: 17 years ago
Posts: 940
 

Your dump is just how the disks were imaged. It does not help with the original disk file system. It just shows (if I understand it) that the disk has been imaged into 2GB sections.

It could be FAT, HFS+, NTFS, etc etc. It could be non standard, eg a video recorder, or CCTV system.

I am not sure if you will get much more help, other than helpful guesses, without knowing anything about the file content. A dump of sector 0 would be a good start.


   
(@volleyboy)
New Member
Joined: 15 years ago
Posts: 4
Topic starter  

Appreciated, forensicakb. :-)

I might be making a little progress here. I found a Mac program called Jigsaw that is able to combine the segments into a single file. It's very slow, but it works. So I'm able to get these big single files onto my Drobo, which I presume are mountable images. They don't have filetype extensions on them and Mount Image Pro doesn't recognize them. They have names like "qla_3_ddimage".

Is there something I could do from the terminal in OS X that would give you the information you need about block 0?


   
(@mscotgrove)
Prominent Member
Joined: 17 years ago
Posts: 940
 

Download something like WinHex and just open the first DD file. If it is DD, then it will be straight copies of sectors and the first 0x200 bytes will be a good pointer to what might be on the disk.

Have a look - you might actually enjoy being a bit 'techie'


   
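The check suggested above (the first 0x200 bytes of a raw dd image point to what is on the disk), as an added example that is not part of the original posts. It goes slightly beyond sector 0 by also reading offsets 1024 to 1081, where HFS+ and ext2 keep their signatures, and it reads straight across split segments without recombining them. The function names and the sample buffers are constructed for illustration.

```python
import struct

def read_head(segment_paths, n=2048):
    """Read the first n bytes of a split raw image, given its segments in order."""
    data = b""
    for path in segment_paths:
        with open(path, "rb") as f:          # read-only: never write to evidence
            data += f.read(n - len(data))
        if len(data) >= n:
            break
    return data

def identify(head):
    """Guess what a raw (dd) image contains from its first 2 KiB."""
    found = []
    if head[0:2] == b"ER":                   # Apple driver descriptor, block 0
        found.append("Apple Partition Map")
    if head[510:512] == b"\x55\xaa":         # boot-sector signature
        if head[3:11] == b"NTFS    ":
            found.append("NTFS boot sector")
        elif head[82:87] == b"FAT32" or head[54:57] == b"FAT":
            found.append("FAT boot sector")
        else:                                # type byte of each MBR entry
            types = [head[446 + 16 * i + 4] for i in range(4)]
            used = ", ".join(f"0x{t:02x}" for t in types if t)
            found.append(f"MBR, partition types: {used or 'none'}")
    if head[512:520] == b"EFI PART":         # GPT header at LBA 1 (512-byte sectors)
        found.append("GPT header")
    if head[1024:1026] in (b"H+", b"HX"):    # HFS+ / HFSX volume header
        found.append("HFS+/HFSX volume header")
    if len(head) >= 1082 and struct.unpack_from("<H", head, 1080)[0] == 0xEF53:
        found.append("ext2/3/4 superblock")  # magic at 1024 + 56, little-endian
    return found or ["unknown"]

def sample_ext2():
    # Constructed sample: empty boot block plus only the ext magic number.
    head = bytearray(2048)
    struct.pack_into("<H", head, 1080, 0xEF53)
    return bytes(head)

def sample_mbr():
    # Constructed sample: MBR with one entry of type 0x07 (NTFS/exFAT).
    head = bytearray(2048)
    head[446 + 4] = 0x07
    head[510:512] = b"\x55\xaa"
    return bytes(head)

if __name__ == "__main__":
    import sys
    print(identify(read_head(sys.argv[1:])) if len(sys.argv) > 1 else identify(sample_ext2()))
```

Run it with the segment files as arguments in their original order; with no arguments it reports on the constructed ext2 sample.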
Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

OSX terminal command for dd images:

sudo hdiutil attach -imagekey diskimage-class=CRawDiskImage /Volumes/'path to your image' -shadow


   
Saladin
(@saladin)
Active Member
Joined: 19 years ago
Posts: 9
 

For other information: Presumably you know something about these computers prior to them being imaged/handed over to you?

Would it be possible that some of these images are of drives out of an xserve (or similar) that had a RAID arrangement for the drives? (ie, 3x80GB drives, that were set up with RAID5 or something similar)
That might explain the complications in mounting some of the images (as the software will be expecting a complete filesystem, and it's sliced over multiple drives)

Also, have you checked ALL the images to try open them with something? (I'd recommend using FTK Imager (from www.accessdata.com - it's free, and the new version 3.0 can also mount images as a drive volume as well like MIP does…and it's free. It also has a CLI version for OSX if you'd have to remain on that platform as well…)


   
benfindlay
(@benfindlay)
Estimable Member
Joined: 16 years ago
Posts: 142
 

Also, have you checked ALL the images to try open them with something? (I'd recommend using FTK Imager (from www.accessdata.com - it's free, and the new version 3.0 can also mount images as a drive volume as well like MIP does…and it's free.

FTK Imager is definitely worth a try! It will handle the split images with ease. Alternatively, since you have a Mac at your disposal, you can try installing Autopsy/Sleuthkit (easily done if you do it through MacPorts, and quite easy to install from source code too!). It also will handle the split image with ease.

Hope this helps


   
(@dficsi)
Reputable Member
Joined: 19 years ago
Posts: 283
 

If you're using a Mac you should be able to use something like the Disk Management Tool (built in to OS X) to mount the reassembled drives. You shouldn't need any third party tools to do so. Beetle touched on this already but it really isn't that complicated. Now wish I had my Mac in front of me so I could tell you the exact process.


   
(@volleyboy)
New Member
Joined: 15 years ago
Posts: 4
Topic starter  

Hey all -

I finally resolved my issues and thought I'd post it here in case it benefits someone else.

First, the one HD that could not be read, turns out it was a Linux Ext2 disk. I found and installed something called fuse-ext2 on my Mac, restarted, and now the Mac recognizes it no problem.

So then I had all 8 HDs filled with segmented files. I evaluated and bought a shareware program on the Mac called JigSaw that made it very easy to recombine all the segments into single large image files, all of which I saved on my Drobo.

The images were named qhq_x_xxx_ddimage with no filetype extension, and nothing could recognize them, not even MountFiles on Windows. On a whim I simply added a .dmg extension to them, and the Mac opened them all up with no problem at all.

Problem solved! This worked for all images: Macs, Windows, iPods, and various cell phones.

One note: I did try the .dmg trick on several of them before installing Ext2 and the Mac could not recognize them. After Ext2 was installed, the Mac recognized all of them with no problems. My guess is that the tech accidentally copied everything onto a virtual Linux volume which he then segmented, but I could be wrong. Anyway it works. :-)

Thanks again to everyone who spent the time sharing their expertise with me.


   
(@forensicakb)
Reputable Member
Joined: 16 years ago
Posts: 316
 

Great Volley :-)

It's SO nice to see someone come on, ask for help, actively participate in the help being offered, and then POST the results of what happened.

If you can't tell Volley, most people come in here, post a question, don't tell you anything about what is going on, and rarely ever tell you what the end result is.

Glad you got it worked out.


   
Page 2 / 3