Anyone know of any anti-malware/malware detection software that can be run against an image without mounting the image or otherwise modifying the image?
If I may ask, what issue do you have with mounting, since there are free and paid tools that will mount read-only and protect the evidence? OSF Mount, Arsenal Image Mounting and Mount Image Pro come to mind.
Agree, this is the approach 99% of the time. However, we are doing investigations against quite a number of servers and systems. The images are going to a central repository where we hoped to use some tools on the images themselves.
Having disk images in a central repository doesn't stop you mounting the image.
You can also mount them from the command line via a script, or mount read-only, or just duplicate the image and work on the duplicate, to be really really over the top safe.
Working from a central repository might make it rather slow to process, however, as network latency & bandwidth is typically an order of magnitude worse than a local SSD. Better to do the job on a local drive and just use the repository for long-term archiving IMHO.
Anyone know of any anti-malware/malware detection software that can be run against an image without mounting the image or otherwise modifying the image?
Orange Malware Cleaner mounts E01 files in order to analyse them.
https://www.orange-business.com/fr/produits/malware-cleaner
Not specifically designed for this task, but there is a malware detection function in Belkasoft X.