Hi,
I'm looking for some ideas of the best way to view a Linux OS (Its running LUKS encryption from what I can gather) Not sure of the distro though.
I have an image of it and its a little ropey to say the least, the laptop is bust that it is from. I have taken a clone, but I can not get it to load on the suspect laptop (screen is broke and can not view via external monitor) so I was wondering what would be my next best step to, possibly view this disk, as is!
Does VFC support Linux? (the FAQs on their site say See FAQs to V1 of VFC, but no link!)
Would it be possible to boot it into a VM?
I have a Linux box, at a last restore I could just mount the drive.
Any ideas would be much appreciated.
Thanks.
If I understand your question correctly, this is what I have had success with in the past
1. Mount the image as a physical drive (I normally use FTK Imager because it is free).
2. Create a VM (I normally use VMWare but also use VirtualBox) and elect to not install an OS.
3. Modify the settings of the VM to boot from the mounted physical image.
4. Boot into your suspect image.
If that does not work.
1. Use LiveView to create a .vmdk.
2. Boot into suspect image using VMWare.
You mentioned LUKS encryption. I do not have any experience with trying to bypass LUKS encryption so cannot help you there.
Good luck and I hope to hear about what ends up working for you.
Thanks for the reply. Yes I think you have nailed what I am trying to do. Wasn't sure if VMWare or VirtualBox would handle an already installed OS from a drive, I just assumed it wanted you to run an install of the setup disc…
I will try that tomorrow and let you know how I get on.
Not to worried about the encryption too much at this stage (Never encountered LUKS before either) just want to see it load to start with and see what we are dealing with. FTK 3.2 and EnCase just looks messy due to the encryption.
Thanks again.
Sorry mate, but this is a non starter.
[I'm assuming] because of the LUKS I can not see the file system at all when I mount the image. I'm basically getting, do I want to format this drive message.
I can not get it to mount via VM or VirtualBox. I'm pretty sure its an Ubuntu 10.10 install, but thats the most I can get. I have plugged the drive into a Linux machine and its showing me three drives, 2 encrypted, but the password provided is not working, so prob not going anywhere for now!
Oh well, was worth a try.