Join Us!

Notifications
Clear all

Mounting an image  

Page 1 / 5
  RSS
keydet89
(@keydet89)
Community Legend

Can anyone recommend a tool for mounting a dd image under Windows besides Mount Image Pro or EnCase?

How about mounting a dd image of a logical drive under Windows?

Thanks,

Harlan

Quote
Posted : 15/03/2007 5:10 am
wilber999
(@wilber999)
Junior Member

I am a big fan of FTK Imager. It should accomplish both of your tasks

ReplyQuote
Posted : 15/03/2007 7:14 am
hogfly
(@hogfly)
Active Member

harlan,

Cygwin should be able to provide this through the loopback adapter.
Paraben P2 explorer is similar to MIP

I don't know of much else off the top of my head.

ReplyQuote
Posted : 15/03/2007 7:30 am
keydet89
(@keydet89)
Community Legend

Gents,

Thanks for the responses. One of the guys on my team has an image of a logical partition/drive, and needs to mount it to scan it with AV. I've sent your suggestions to him…I did notice at the P2eXplorer page that it says that is supports both physical and logical image types, so that may work.

Thanks again,

Harlan

ReplyQuote
Posted : 15/03/2007 3:54 pm
bgrundy
(@bgrundy)
Member

Cygwin should be able to provide this through the loopback adapter.

Unless things have changed recently, Cygwin does not have that capability in windows, although you *can* use something like FileDisk (http//www.acc.umu.se/~bosse/) to create target mounts for Cygwin. One of our techs tested this when it first came out (not sure if he used it with Cygwin or not) and he sent us out a notice about it.

Harlan, I never got around to using FileDisk myself, but it might be close to what you are looking for. If P2eXplorer is not ideal, this is another option to pass on. YMMV.

Barry
NASA OIG CCD
(from the Bat Cave)

ReplyQuote
Posted : 15/03/2007 4:09 pm
bgrundy
(@bgrundy)
Member

ReplyQuote
Posted : 15/03/2007 4:10 pm
keydet89
(@keydet89)
Community Legend

Barry,

Thanks, I'm waiting to hear back from our guy with the issue.

H

ReplyQuote
Posted : 15/03/2007 5:55 pm
Marat
(@marat)
Junior Member

try http//chitchat.at.infoseek.co.jp/vmware/vdk.html

ReplyQuote
Posted : 15/03/2007 6:03 pm
hogfly
(@hogfly)
Active Member

Unless things have changed recently, Cygwin does not have that capability in windows, although you *can* use something like FileDisk (http//www.acc.umu.se/~bosse/) to create target mounts for Cygwin. One of our techs tested this when it first came out (not sure if he used it with Cygwin or not) and he sent us out a notice about it.
Barry
NASA OIG CCD
(from the Bat Cave)

You're right that was my bad. I thought they'd finally added it, but guess not.

ReplyQuote
Posted : 15/03/2007 6:46 pm
keydet89
(@keydet89)
Community Legend

Marat,

I'll definitely have to take a look at VDK.

Does anyone have any experience with it?

H

ReplyQuote
Posted : 15/03/2007 7:20 pm
Marat
(@marat)
Junior Member

keydet89,

Does anyone have any experience with it?

yes D

very good tool for mount dd image.I think ,getdata used experience of vdk for making "mount image pro".
old version of "mount image pro" and vdk use identical command etc.

ReplyQuote
Posted : 15/03/2007 9:44 pm
keydet89
(@keydet89)
Community Legend

After looking around a bit, here's what I've found (with the caveat that I've tested portions of this at various points, but not all of it together)…

With a dd image of a system, taken with FTK Imager Lite, ProDiscover, or plain ol' dd, you can then use either LiveView or even ProDiscover to create the necessary .vmdk files. From there, get the following

VDK
http//chitchat.at.infoseek.co.jp/vmware/vdk.html

VDK GUI
http//petruska.stardock.net/Software/VMware.html
**Don't forget the core files

Alternatively, you can use Virtual Drive Manager
http//home.graffiti.net/jaclazgraffiti.net/Projects/VDM/vdm.html

At this point, you should have everything you need to mount a dd-image as a read-only drive letter. I tried using the VMWare-mount utility (DiskMount), but it is NOT read-only.

Again, like I said, I haven't testing this all the way through…but I have used LiveView before, and I pointed VDK at a .vmdk file from one of my VMWare sessions and was successful in mounting the K drive. This was against an XP VMWare session.

Thanks for your help everyone! Unfortunately, this issue came up *after* the chapter of my book that talks about alternative methods of analysis went to production! 😉

ReplyQuote
Posted : 15/03/2007 10:43 pm
hogfly
(@hogfly)
Active Member

Maybe something for the website that supports the book?

ReplyQuote
Posted : 15/03/2007 11:22 pm
keydet89
(@keydet89)
Community Legend

Without a doubt…wait, there's a website??? 😉

ReplyQuote
Posted : 15/03/2007 11:25 pm
keydet89
(@keydet89)
Community Legend

Since I've got some other stuff in the works already, I may have to create a "stuff that didn't make it into the book" label on my blog…

ReplyQuote
Posted : 15/03/2007 11:34 pm
Page 1 / 5
Share: