Forums
Main Category
General (Technical,...
VMDK File Analysis ...
 
Notifications
Clear all

VMDK File Analysis (sesparse.vmdk)

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by CC4n6 4 years ago
6 Posts
3 Users
0 Reactions
7,876 Views
RSS
 CC4n6
(@cc4n6)
Eminent Member
Joined: 7 years ago
Posts: 18
Topic starter 24/09/2021 7:00 pm  

Hello All,

 

I received a few vmdk files for analysis. The files I was given are:

Server1-000001.vmdk

Server1-000001-sesparse.vmdk

Server1-000002.vmdk

Server1-000002-sesparse.vmdk

Any tool I try to open them with (FTK Imager and Axiom) fails. Has anyone dealt with these VM formats? I have no problems with flat VMDK files. Is there a conversion that needs to take place?

 

Any help is much appreciated!


   
Quote
 dega
(@dega)
Reputable Member
Joined: 11 years ago
Posts: 267
24/09/2021 10:45 pm  

try with autopsy


   
ReplyQuote
 CC4n6
(@cc4n6)
Eminent Member
Joined: 7 years ago
Posts: 18
Topic starter 27/09/2021 3:44 pm  

Autopsy did not like the VMDK's.

Back to the drawing board..


   
ReplyQuote
Henk
 Henk
(@tecleo)
Active Member
Joined: 5 years ago
Posts: 8
27/09/2021 4:36 pm  

You try:
(1) Arsenal image mounter
https://arsenalrecon.com/products

(2) http://www.ufsexplorer.com
https://www.ufsexplorer.com/solutions/virtual-machine-data-recovery.php

See also:
You want me to deal with how many VMDKs!?
https://thinkdfir.com/2021/06/03/you-want-me-to-deal-with-how-many-vmdks/


   
ReplyQuote
 dega
(@dega)
Reputable Member
Joined: 11 years ago
Posts: 267
27/09/2021 7:51 pm  

@cc4n6 

sure? Here they talk about vmdk. You back to the drawing board 😛

https://sleuthkit.org/autopsy/docs/user-docs/4.19.1/ds_page.html

 


   
ReplyQuote
 CC4n6
(@cc4n6)
Eminent Member
Joined: 7 years ago
Posts: 18
Topic starter 27/09/2021 8:41 pm  

@giandega The issue is the -sesparse.vmdk files   The applications do not like them. They might not be suitable for analysis.


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: