Mounting an image

jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Well, as I just pointed out, it doesn't work with Server 2008 64-bit, whereas a VM or a Linux box with a Samba share works just fine for analysis.

Have you tried the x64 version of VDK?

Here:
http://oss.netfarm.it/win32/

jaclaz


   
(@jimmyw)
Trusted Member
Joined: 20 years ago
Posts: 64
 

If you have VMware, the vmware-mount utility that's in the Disk Developers Kit works very well. I run it on XP and Vista 32/64 systems, and I can mount dd images of either of those systems quite easily. I have tried VDK64, and the results have been almost as good.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
Topic starter  

Okay, I've had some good results using IMDisk to mount an acquired image of a physical disk as a read-only file system.

Before getting into my own testing, I wanted to see what others may be using to mount an acquisition of a logical volume as a file system. For example, if you use FTK Imager to acquire an image of C:\, instead of PhysicalDisk0…what are you using (if anything) to mount that image as a drive letter?

Thanks.


   
(@jimmyw)
Trusted Member
Joined: 20 years ago
Posts: 64
 

Mount Image Pro will work. The next release, now in beta, will offer more options for mounting an image. Support for FTK AD1 images is also in the works. If you want write access, you may be able to build a VM from the logical image and then use the utility I mentioned, though I've never built one from a logical image. I can see the need in cases in which you have to image logically. It's been a while, but I never had success with IMDisk.


   
Olof Lagerkvist
(@olof_lagerkvist)
New Member
Joined: 17 years ago
Posts: 1
 

jaclaz,
It apparently doesn't work on 64-bit Server 2008 without modifying the OS behavior, and I'm not about to jeopardize the integrity of my machine to load the driver.

Just to clarify, driver signing means no guarantee of the quality of driver code or anything like that anyway; it just makes sure that you know who has published drivers you have installed. So, turning testsigning mode on means very little added integrity risk after all, and is still better than on 32-bit versions.

With testsigning turned on, drivers still need to be signed, but the certificate may be a local one you have created or downloaded to accept your own drivers or drivers from a specific publisher. So, even with testsigning turned on, a 64-bit Vista has more checks for integrity than a 32-bit Vista. (32-bit versions of Windows never check for a signature before accepting to load a driver.)

Anyway, I understand your reaction; after all, 64-bit Windows needs to run in a somewhat less secure mode, but still more secure than 32-bit Windows versions.


   