Hi all,
I noticed that in SANS SIFT v 2.14 the xmount tool has been removed… does anyone know why, or which alternatives can be used to mount raw/ewf images while keeping a cache of the underlying virtualised raw disk modifications? That's useful while virtualising forensic images or fixing partitions with testdisk or repairing tools, or simply as an alternative to ewfmount or mount_ewf scripts or affuse.
Besides that… I tried to install it but ran into dependency issues:
Depends libssl0.9.8 (>= 0.9.8m-1) but 0.9.8g-16ubuntu3.5 is to be installed
Adding the tool through the official repositories gives the same error, while it's still possible to install it via dpkg and the .deb file provided on the pinguin.lu website. I don't want to mess with libraries and updates and thus risk breaking the dependencies of the SIFT tools, but I think that xmount can be really useful in some cases.
Any thoughts about this?
Thanks
Paolo
As I'm not a Linux guru fighting with the dependencies, I think we must wait for a newer release with an actual kernel/gcc. Trying to install other tools like dff 1.3.0 also ends in dependency stuff. It must be a nightmare to build up such a distribution to cope with all these library dependencies.
But why do you need xmount? Running acquired images with Opengate?
As I'm not a Linux guru fighting with the dependencies, I think we must wait for a newer release with an actual kernel/gcc. Trying to install other tools like dff 1.3.0 also ends in dependency stuff.
I agree. Actually, I managed by installing xmount via dpkg; there were some issues about libraries but everything worked fine. :-)
It must be a nightmare to build up such a distribution to cope with all these library dependencies.
Yes, I know, that's also why apt-get is not always a good idea on live distros, but since there's no harm in trying… :-)
But why do you need xmount? Running acquired images with Opengate?
That's one of the uses of xmount (for that I make use of Live View or raw2vmdk/dd2vmdk with vmware, in Windows), but in this specific case I had an EWF image which could not be mounted because of filesystem errors. I had to fix the partition to access the filesystem and data inside, but you cannot fix a partition of a forensic image coded as EWF, unless you dump it to a raw image and mount it via loop device or - for those who do not know about loop devices - dump it to a new disk. :-)
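
Added example, not part of the thread and not xmount's own code: a minimal Python sketch of the write-cache idea discussed above, where repairs go to a separate cache of modified sectors and the evidence image is only ever read. The class name CowOverlay, the 512-byte sector size and the 4-sector sample disk are assumptions constructed for the illustration.

```python
import hashlib
import io

SECTOR = 512  # sector size assumed for this sketch


class CowOverlay:
    """Read-only base image plus a cache of modified sectors (hypothetical class)."""

    def __init__(self, base):
        self.base = base    # file-like evidence image, only ever read
        self.cache = {}     # sector number -> modified sector contents

    def _read_sector(self, n):
        if n in self.cache:                 # modified sectors win over the base
            return self.cache[n]
        self.base.seek(n * SECTOR)
        return self.base.read(SECTOR).ljust(SECTOR, b"\x00")

    def read(self, offset, length):
        first, last = offset // SECTOR, (offset + length - 1) // SECTOR
        data = b"".join(self._read_sector(n) for n in range(first, last + 1))
        start = offset - first * SECTOR
        return data[start:start + length]

    def write(self, offset, payload):
        pos = 0
        while pos < len(payload):
            n, off = divmod(offset + pos, SECTOR)
            chunk = payload[pos:pos + SECTOR - off]
            sector = bytearray(self._read_sector(n))
            sector[off:off + len(chunk)] = chunk
            self.cache[n] = bytes(sector)   # the base image is never touched
            pos += len(chunk)


def demo():
    # Constructed 4-sector "disk" whose boot signature at offset 510 is zeroed.
    base = io.BytesIO(bytes(4 * SECTOR))
    before = hashlib.sha256(base.getvalue()).hexdigest()
    disk = CowOverlay(base)
    disk.write(510, b"\x55\xaa")            # the kind of write a repair tool makes
    after = hashlib.sha256(base.getvalue()).hexdigest()
    return disk.read(510, 2), before == after, sorted(disk.cache)


if __name__ == "__main__":
    print(demo())
```

The repaired bytes are visible through the overlay while the hash of the underlying image stays the same, which is the property that matters when the source is an acquired forensic image.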