Notifications

Clear all

Timeline - SIFT kit

General (Technical, Procedural, Software, Hardware etc.)

Last Post by badnut 11 years ago

4 Posts

3 Users

0 Reactions

926 Views

RSS

badnut

(@badnut)

New Member

Joined: 12 years ago

Posts: 4

Topic starter 03/04/2014 3:06 pm

Timelining skills a little rusty -

Trying to mount either a compressed E01 (logical image of a C drive) using ewf_mount.py…OR…mount a RAW image (same logical image) using mount command.

I tried to run mmls and got 'cannot determine partition type'..any ideas anyone?

Quote

badgerau

(@badgerau)

Trusted Member

Joined: 12 years ago

Posts: 96

04/04/2014 9:41 am

This may be helpful

http//digital-forensics.sans.org/blog/2011/11/28/digital-forensic-sifting-mounting-ewf-or-e01-evidence-image-files

ReplyQuote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

04/04/2014 5:25 pm

Timelining skills a little rusty -

Trying to mount either a compressed E01 (logical image of a C drive) using ewf_mount.py…OR…mount a RAW image (same logical image) using mount command.

I tried to run mmls and got 'cannot determine partition type'..any ideas anyone?

mmls is run against an image, not a mounted image. When it's mounted, it's a volume.

mmls reads the partition table…a logical image is of a volume, and doesn't have a partition table.

HTH

ReplyQuote

badnut

(@badnut)

New Member

Joined: 12 years ago

Posts: 4

Topic starter 07/04/2014 3:33 pm

Thank you - it does help.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
282 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed