
Mounting drive image

nickfx
(@nickfx)
Estimable Member
Joined: 20 years ago
Posts: 131
Topic starter  

Andy, excellent PDF, having read a couple of Linux books this doc really hits the spot!

Also thanks to ratrabbit, I'll have a play.

Nick


   
arashiryu
(@arashiryu)
Estimable Member
Joined: 20 years ago
Posts: 122
 

HELIX and FIRE bootable CDs have valuable and free forensic tools if an examiner prefers to use a *nix environment to acquire, analyze, etc.

I was impressed with the GUI version of DD called GRAB on the current distribution of the HELIX CD-ROM. It also lets you acquire a target machine over IP. There are other acquisition utils on the HELIX CD-ROM as well.


   
nickfx
(@nickfx)
Estimable Member
Joined: 20 years ago
Posts: 131
Topic starter  

Yeah, I've used Helix. Where this came from was working from images supplied by the prosecution. For reasons too complex to go into here I was not able to have access to the source machines and agreed to work from the police EnCase images. I was due to work off site and was going to pre-index using FTK for speed of searching. However, I needed to be able to reconstruct/mount the drive to virus scan it, hence the original question.

X-Ways allows me to interpret the images as a disk structure but not to scan it, similar to FTK Imager really. However, I could use dd to mount the images as described earlier but was working on a Windows machine without access to a Linux boot/virtual machine. Mount Image Pro is perfect for this scenario but pretty expensive really.

Nick


   
arashiryu
(@arashiryu)
Estimable Member
Joined: 20 years ago
Posts: 122
 

Using FTK Imager:
* Add the EnCase evidence files.
* Export the image file to a different format. Hopefully raw, which can be processed by DD to decompress it to a USB drive for scanning.

Sorry that I don't have any .e* images to test with currently.

Use this link to the FTK Imager help file for additional information. It should be on your hard drive if you have FTK Imager installed.
C:\Program Files\AccessData\AccessData FTK Imager\help\ENU\ftkimager_help.htm

After you export the image, decompress it to a USB drive and then do a virus scan. If it is clean, use it as evidence in FTK to index.


   