Hello everybody,
i need to analyze a .vdi image. i tried to import it in virtualbox but boot told me about this error " error loading operating system"…
Do you know if a special tool can give me the chance to explore a .vdi image?
Thank you
Hi,
What software are you using to conduct your examination? Are you looking to examine the file system of the virtual machine, or virtually boot (or both)?
A similar previous discussion
http//www.forensicfocus.com/Forums/viewtopic/t=10818/postdays=0/postorder=asc/start=0/
Cheers
Hello everybody,
i need to analyze a .vdi image. i tried to import it in virtualbox but boot told me about this error " error loading operating system"…Do you know if a special tool can give me the chance to explore a .vdi image?
Thank you
Wait a minute.
If you want to analyze a .vdi, the thing that you NOT do is attempting to boot from it.
But you may well boot in the VM a LiveCD of some kind, using the .vdi as non-boot hard disk.
There are two "main" .vdi format "fixed size" and "dinamycally expanding".
The first is just a RAW image with a header of several sector, the header + the mapping and some padding
https://
Typically you can access volumes inside a .vdi "fixed size" disk images on Windows by mounting the volume in IMDISK (i.e. providing manually the offset to the volume bootsector).
http//
but recent version of IMDISK support all versions of .vdi through Discutils.
Under Linux you can use (examples)
http//
http//
The approach that makes more sense (IMHO) if the scope is a forensic examination is to use VboxManage to clone the image converting it to RAW
https://
jaclaz
Found !! I can open it with foto ftk imager!!!