Malware detection software that can read images .dd, .raw, .E01

cybertend
(@cybertend)
New Member

Anyone know of any anti-malware/malware detection software that can be run against an image without mounting the image or otherwise modifying the image?

Topic starter Posted : 15/11/2021 3:49 am
alanharper
(@alanharper)
New Member

If I may ask, what issue do you have with mounting, since there are free and paid tools that will mount read-only and protect the evidence? OSF Mount, Arsenal Image Mounter and Mount Image Pro come to mind.

Posted : 16/11/2021 4:15 pm
cybertend
(@cybertend)
New Member

Agree, this is the approach 99% of the time. However, we are doing investigations against quite a number of servers and systems. The images are going to a central repository where we hoped to use some tools on the images themselves.

Topic starter Posted : 17/11/2021 1:24 am
Passmark
(@passmark)
Active Member

Having disk images in a central repository doesn't stop you mounting the image.

You can also mount them from the command line via script, or mount read-only, or just duplicate the image and work on the duplicate, to be really really over the top safe.

Working from a central repository might make it rather slow to process, however, as network latency & bandwidth is typically an order of magnitude worse than a local SSD. Better to do the job on a local drive and just use the repository for long-term archiving IMHO.

Posted : 18/11/2021 12:13 am
Aquachimere
(@aquachimere)
Junior Member
Posted by: @cybertend

Anyone know of any anti-malware/malware detection software that can be run against an image without mounting the image or otherwise modifying the image?

Orange Malware Cleaner mounts E01 files in order to analyse them.

https://www.orange-business.com/fr/produits/malware-cleaner

Posted : 23/11/2021 6:39 am
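
An added example, not part of any post in the thread: for raw .dd/.raw images, a byte-signature pass can read the image file directly through a read-only handle, with a SHA-256 taken before and after the scan to show the evidence file was not altered. The marker, the signature name and the sample image are constructed for illustration; E01 containers would first need decoding with an EWF library and are not handled here.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20                       # 1 MiB read size
MARKER = b"CONSTRUCTED-TEST-MARKER"   # constructed stand-in, not a real malware signature

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def scan_raw_image(path, signatures):
    """Return sorted (offset, name) hits for byte signatures in a raw image."""
    overlap = max(len(s) for s in signatures.values()) - 1
    hits = set()
    with open(path, "rb") as f:  # read-only handle; nothing is mounted
        tail, pos = b"", 0       # pos = file offset where `tail` starts
        while block := f.read(CHUNK):
            window = tail + block  # carry the tail so boundary-straddling hits are seen
            for name, sig in signatures.items():
                i = window.find(sig)
                while i != -1:
                    hits.add((pos + i, name))
                    i = window.find(sig, i + 1)
            tail = window[-overlap:] if overlap else b""
            pos += len(window) - len(tail)
    return sorted(hits)

def verified_scan(path, signatures):
    """Hash, scan, re-hash; raise if the image changed while it was being read."""
    before = sha256_file(path)
    hits = scan_raw_image(path, signatures)
    if sha256_file(path) != before:
        raise RuntimeError("image changed during scan")
    return before, hits

def build_sample_image():
    # Constructed sample "image": the first marker straddles the 1 MiB chunk boundary.
    fd, path = tempfile.mkstemp(suffix=".dd")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\x00" * (CHUNK - 5) + MARKER + b"\x00" * 4096 + MARKER)
    return path

if __name__ == "__main__":
    img = build_sample_image()
    print(verified_scan(img, {"test-marker": MARKER}))
    os.remove(img)
```

A byte-level pass like this only matches signatures stored contiguously and uncompressed in the image, so it complements rather than replaces scanning a read-only mount.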