RE: [sleuthkit-users] Mounting a dd image under windows
From: Altheide, C. B. (IARC) <Alt...@nv...> - 2005-06-14 00:21:59
> -----Original Message-----
> From: youcef bichbiche [mailto:ybi...@ya...]
> Sent: Monday, June 13, 2005 4:49 PM
> To: Altheide, Cory B. (IARC); sle...@li...
> Cc: 'ro...@mo...'
> Subject: RE: [sleuthkit-users] Mounting a dd image under windows
>
>
> Hi,
> It uses the concept of a loopback device, which allows
> to mount a file system within an image file.
Not in Cygwin it doesn't.
> to do that you use the mount command with the loop
> option to indicate that you want to use the loop
> device to mount the file system within the image, and
> you specify a disk image rather than a disk device.
>
> Example:
>
> mount -t vfat -o ro,noexec,loop image.disk1 /mnt/analysis

Previously I specifically asked you to explain "how you are currently
mounting raw disk images under Windows using Cygwin."
This answer confirms my suspicions that you are currently not doing this
/at all/.
Your command:
"mount -t vfat -o ro,noexec,loop image.disk1 /mnt/analysis"
has several problems. The -t option in Cygwin mount doesn't take arguments
- it gives text files under that mountpoint CRLF endings (Windows style).
The -o option doesn't take any of the three arguments passed above.
From the man page for Cygwin's mount:
"The -o option is the method via which various options about the mount
point may be recorded. The following options are available (note that most
of the options are duplicates of other mount flags):
user - mount lives user-specific mount
system - mount lives in system table (default)
binary - files default to binary mode (default)
text - files default to CRLF text mode line endings
exec - files below mount point are all executable
notexec - files below mount point are not executable
cygexec - files below mount point are all cygwin executables
nosuid - no suid files are allowed (currently unimplemented)
managed - directory is managed by cygwin. Mixed case and special
characters in filenames are allowed."
Finally, Cygwin mount is expecting a win32 style path where you have the
"image.disk1" argument.
The extent of use of the Cygwin mount command is mapping Win32 paths to
POSIX style paths, for example:
"mount c:\foo\bar /foo/bar"
So, I ask again, how are you currently mounting raw disk images under
Windows using Cygwin?
To answer the original poster, the only tool I've actually seen used on
Windows to do this is Mount Image Pro:
http://www.mountimage.com/
Although the aforementioned FileDisk appears interesting.
Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC)
alt...@nv...
"I have taken all knowledge to be my province." -- Francis Bacon
> --- "Altheide, Cory B. (IARC)" <Alt...@nv...>
> wrote:
>
> > Hi -
> >
> > I'd be interested in either one (or both) of you
> > explaining how you are
> > currently mounting raw disk images under Windows
> > using Cygwin.
> >
> > Thanks -
> >
> > Cory Altheide
> > Senior Network Forensics Specialist
> > NNSA Information Assurance Response Center (IARC)
> > alt...@nv...
> > "I have taken all knowledge to be my province." --
> > Francis Bacon
> >
> > > -----Original Message-----
> > > From: sle...@li...
> > >
> > [mailto:sle...@li...]
> > On
> > > Behalf Of youcef bichbiche
> > > Sent: Saturday, June 11, 2005 4:23 PM
> > > To: sle...@li...
> > > Subject: Re: [sleuthkit-users] Mounting a dd image
> > under windows
> > >
> > >
> > > Try Cygwin. it supports Sleuthkit too.
> > >
> > > --- esrkq yahoo <es...@ya...> wrote:
> > >
> > > > Hi Guys,
> > > > slightly off topic but does anyone know of a
> > utility
> > > > that will mount a dd image under windows xp.