SlideShare une entreprise Scribd logo

Mounting virtual hard drives

Télécharger en tant que PPTX, PDF
CTIN
CTIN
Technologie
1  sur  17
Ronald Godfrey
 Common in today’s computing environment  Allow the user to run multiple, self contained operating systems on one hardware host machine  The virtual machine utilizes the host machine’s resources (RAM, network interface, etc)  Data can be transferred between the host and the virtual machine
 Microsoft Virtual PC – typically has a “*.vhd” hard drive extension  Microsoft XP Mode - typically has a “*.vhd” hard drive extension  Oracle Virtualbox - typically has a “*.vdi” hard drive extension  VMWare - typically has a “*.vhd” or “vmdk” hard drive extension
 Virtual hard drive files are typically large in size.  Usually two files are associated with the virtual machine  Virtual hard drive file – contains the O/S and data  Virtual machine settings file – provides the virtual machine’s configuration settings when used on the host machine
 FTK Imager 3.0 and newer versions have the ability to mount forensic images and virtual hard drives.  Images can be mounted as mapped drives on the computer  Physical virtual hard drives and their logical partitions can be mounted.  Mounted by using the “FileImage Mounting” within FTK Imager
 Images can be mounted as “read only”
 If you mount the virtual hard drive and you see the “unrecognized file system”, use Virtualbox’s internal commands to convert the hard drive to a raw format.
 Extract the “vdi” file from the forensic image to a location on your hard drive:  Open a command prompt window and navigate to the VirtualBox folder (typically c:Program FilesOracleVirtualBox).  Run the following command against the “vdi” file you wish to convert (no quotes in the command line): vboxmanage.exe internalcommands converttoraw "xpath-to- vdi-filevdifilename.vdi" "x:path-to-output- foldervdifilename.raw“  Conversion time will vary depending on the size of the “VDI file. It is recommended you have twice the amount of drive space available as is the size of the “vdi” file since you are converting to an uncompressed “raw” format.
Virtual hard drive shows up as a physical drive on the system. The drive can then be imaged again and compared via hashing to ensure everything was captured.

Recommandé

Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Computer Forensics & Windows Registry
Computer Forensics & Windows RegistryComputer Forensics & Windows Registry
Computer Forensics & Windows Registrysomutripathi
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
ELF
ELFELF
ELFKoganti Ravikumar
 
Forensic imaging tools
Forensic imaging tools Forensic imaging tools
Forensic imaging tools Dr. Richard Adams
 

Recommandé

Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Computer Forensics & Windows Registry
Computer Forensics & Windows RegistryComputer Forensics & Windows Registry
Computer Forensics & Windows Registrysomutripathi
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
ELF
ELFELF
ELFKoganti Ravikumar
 
Forensic imaging tools
Forensic imaging tools Forensic imaging tools
Forensic imaging tools Dr. Richard Adams
 
Data recovery
Data recoveryData recovery
Data recoverybhaumik_c
 
NTFS file system
NTFS file systemNTFS file system
NTFS file systemRavi Yasas
 
Data recovery
Data recoveryData recovery
Data recoverygupta8741
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsJared Greenhill
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsBrent Muir
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
NTFS vs FAT
NTFS vs FATNTFS vs FAT
NTFS vs FATTanveer Ahmed
 
Ntfs forensics
Ntfs forensicsNtfs forensics
Ntfs forensicsn|u - The Open Security Community
 
Présentation rattrapage module Forensic
Présentation rattrapage module ForensicPrésentation rattrapage module Forensic
Présentation rattrapage module ForensicESD Cybersecurity Academy
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
Windows Registry Forensics - Artifacts
Windows Registry Forensics - Artifacts Windows Registry Forensics - Artifacts
Windows Registry Forensics - Artifacts MD SAQUIB KHAN
 
Registry Forensics
Registry ForensicsRegistry Forensics
Registry ForensicsSomesh Sawhney
 
Ntfs and computer forensics
Ntfs and computer forensicsNtfs and computer forensics
Ntfs and computer forensicsGaurav Ragtah
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensicsn|u - The Open Security Community
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
nessus
nessusnessus
nessusMuhammad Yasin
 
Lecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsLecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsDr. Ramchandra Mangrulkar
 
nodeMCU IOT教學02 - Lua語言
nodeMCU IOT教學02 - Lua語言nodeMCU IOT教學02 - Lua語言
nodeMCU IOT教學02 - Lua語言吳錫修 (ShyiShiou Wu)
 
File System FAT And NTFS
File System FAT And NTFSFile System FAT And NTFS
File System FAT And NTFSInocentshuja Ahmad
 
Level1 Part8 End Of The Day
Level1 Part8 End Of The DayLevel1 Part8 End Of The Day
Level1 Part8 End Of The DayCTIN
 
Sadfe2007
Sadfe2007Sadfe2007
Sadfe2007CTIN
 

Contenu connexe

Tendances

Data recovery
Data recoveryData recovery
Data recoverybhaumik_c
 
NTFS file system
NTFS file systemNTFS file system
NTFS file systemRavi Yasas
 
Data recovery
Data recoveryData recovery
Data recoverygupta8741
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsJared Greenhill
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsBrent Muir
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Windows Registry Forensics - Artifacts
Windows Registry Forensics - Artifacts Windows Registry Forensics - Artifacts
Windows Registry Forensics - Artifacts MD SAQUIB KHAN
 
Ntfs and computer forensics
Ntfs and computer forensicsNtfs and computer forensics
Ntfs and computer forensicsGaurav Ragtah
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 

Tendances (20)

Data recovery
Data recoveryData recovery
Data recovery
 
NTFS file system
NTFS file systemNTFS file system
NTFS file system
 
Data recovery
Data recoveryData recovery
Data recovery
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary Artefacts
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
 
NTFS vs FAT
NTFS vs FATNTFS vs FAT
NTFS vs FAT
 
Ntfs forensics
Ntfs forensicsNtfs forensics
Ntfs forensics
 
Présentation rattrapage module Forensic
Présentation rattrapage module ForensicPrésentation rattrapage module Forensic
Présentation rattrapage module Forensic
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
Windows Registry Forensics - Artifacts
Windows Registry Forensics - Artifacts Windows Registry Forensics - Artifacts
Windows Registry Forensics - Artifacts
 
Registry Forensics
Registry ForensicsRegistry Forensics
Registry Forensics
 
Ntfs and computer forensics
Ntfs and computer forensicsNtfs and computer forensics
Ntfs and computer forensics
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
nessus
nessusnessus
nessus
 
Lecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsLecture #31 : Windows Forensics
Lecture #31 : Windows Forensics
 
nodeMCU IOT教學02 - Lua語言
nodeMCU IOT教學02 - Lua語言nodeMCU IOT教學02 - Lua語言
nodeMCU IOT教學02 - Lua語言
 
File System FAT And NTFS
File System FAT And NTFSFile System FAT And NTFS
File System FAT And NTFS
 

En vedette

Level1 Part8 End Of The Day
Level1 Part8 End Of The DayLevel1 Part8 End Of The Day
Level1 Part8 End Of The DayCTIN
 
Sadfe2007
Sadfe2007Sadfe2007
Sadfe2007CTIN
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for InvestigatorsCase IQ
 
Corporate Public Investigations
Corporate Public InvestigationsCorporate Public Investigations
Corporate Public InvestigationsCTIN
 
Nra
NraNra
NraCTIN
 
Windows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicWindows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicCTIN
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierBasis Technology
 
Part6 Private Sector Concerns
Part6 Private Sector ConcernsPart6 Private Sector Concerns
Part6 Private Sector ConcernsCTIN
 
www.indonezia.net Hacking Windows Registry
www.indonezia.net Hacking Windows Registrywww.indonezia.net Hacking Windows Registry
www.indonezia.net Hacking Windows RegistryChandra Pr. Singh
 
Forensic Anaysis on Twitter
Forensic Anaysis on TwitterForensic Anaysis on Twitter
Forensic Anaysis on TwitterYansi Keim
 
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Mark Matienzo
 
Installation of Joomla on Windows XP
Installation of Joomla on Windows XPInstallation of Joomla on Windows XP
Installation of Joomla on Windows XPRupesh Kumar
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsMike Spaulding
 
Become an Internet Sleuth!
Become an Internet Sleuth!Become an Internet Sleuth!
Become an Internet Sleuth!Nearpod
 
Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3CTIN
 

En vedette (20)

Level1 Part8 End Of The Day
Level1 Part8 End Of The DayLevel1 Part8 End Of The Day
Level1 Part8 End Of The Day
 
Sadfe2007
Sadfe2007Sadfe2007
Sadfe2007
 
Windows 7-cheat-sheet
Windows 7-cheat-sheetWindows 7-cheat-sheet
Windows 7-cheat-sheet
 
Citrix
CitrixCitrix
Citrix
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for Investigators
 
Corporate Public Investigations
Corporate Public InvestigationsCorporate Public Investigations
Corporate Public Investigations
 
Nra
NraNra
Nra
 
Windows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicWindows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-public
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensics
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifacts
 
Part6 Private Sector Concerns
Part6 Private Sector ConcernsPart6 Private Sector Concerns
Part6 Private Sector Concerns
 
www.indonezia.net Hacking Windows Registry
www.indonezia.net Hacking Windows Registrywww.indonezia.net Hacking Windows Registry
www.indonezia.net Hacking Windows Registry
 
File system
File systemFile system
File system
 
Forensic Anaysis on Twitter
Forensic Anaysis on TwitterForensic Anaysis on Twitter
Forensic Anaysis on Twitter
 
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
 
Installation of Joomla on Windows XP
Installation of Joomla on Windows XPInstallation of Joomla on Windows XP
Installation of Joomla on Windows XP
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti Forensics
 
Become an Internet Sleuth!
Become an Internet Sleuth!Become an Internet Sleuth!
Become an Internet Sleuth!
 
Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3
 

Similaire à Mounting virtual hard drives

SysInternals Disk2vhd - docs.pdf
SysInternals Disk2vhd - docs.pdfSysInternals Disk2vhd - docs.pdf
SysInternals Disk2vhd - docs.pdfhtdvul
 
Native VHD Boot: A Walkthrough of Common Scenarios
Native VHD Boot: A Walkthrough of Common ScenariosNative VHD Boot: A Walkthrough of Common Scenarios
Native VHD Boot: A Walkthrough of Common Scenariosdegarden
 
Microsoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overviewMicrosoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overviewaboobakar sanjar
 
Upgrading and deploying Windows 7
Upgrading and deploying Windows 7Upgrading and deploying Windows 7
Upgrading and deploying Windows 7ctc TrainCanada
 
Virtualization workshop - part 1
Virtualization workshop - part 1Virtualization workshop - part 1
Virtualization workshop - part 1Davide Pelosi
 
Virtualization And Disk Performance
Virtualization And Disk PerformanceVirtualization And Disk Performance
Virtualization And Disk PerformanceDiskeeper
 
Practical Implementation of Virtual Machine
Practical Implementation of Virtual MachinePractical Implementation of Virtual Machine
Practical Implementation of Virtual MachineRubal Sagwal
 
Windows server 2012 r2 Hyper-v Component architecture
Windows server 2012 r2 Hyper-v Component architecture Windows server 2012 r2 Hyper-v Component architecture
Windows server 2012 r2 Hyper-v Component architecture Tũi Wichets
 
Virtual Machines - Virtual Box
Virtual Machines - Virtual BoxVirtual Machines - Virtual Box
Virtual Machines - Virtual BoxLahiru Danushka
 
VHD Recovery Software
VHD Recovery SoftwareVHD Recovery Software
VHD Recovery Softwarepdfsubmit
 
Running virtual box from the linux command line
Running virtual box from the linux command lineRunning virtual box from the linux command line
Running virtual box from the linux command lineEric Javier Espino Man
 
VirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows GuestVirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows Guestaindilis
 
Hyper-V overview and building test network - harold.wong
Hyper-V overview and building test network - harold.wongHyper-V overview and building test network - harold.wong
Hyper-V overview and building test network - harold.wongHarold Wong
 
Virtualizing Testbeds For Fun And Profit
Virtualizing Testbeds For Fun And ProfitVirtualizing Testbeds For Fun And Profit
Virtualizing Testbeds For Fun And Profitmatthew.maisel
 
how to install VMware
how to install VMwarehow to install VMware
how to install VMwarertchandu
 

Similaire à Mounting virtual hard drives (20)

SysInternals Disk2vhd - docs.pdf
SysInternals Disk2vhd - docs.pdfSysInternals Disk2vhd - docs.pdf
SysInternals Disk2vhd - docs.pdf
 
Virtual Hard disk
Virtual Hard diskVirtual Hard disk
Virtual Hard disk
 
Native VHD Boot: A Walkthrough of Common Scenarios
Native VHD Boot: A Walkthrough of Common ScenariosNative VHD Boot: A Walkthrough of Common Scenarios
Native VHD Boot: A Walkthrough of Common Scenarios
 
Microsoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overviewMicrosoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overview
 
Upgrading and deploying Windows 7
Upgrading and deploying Windows 7Upgrading and deploying Windows 7
Upgrading and deploying Windows 7
 
Virtualization workshop - part 1
Virtualization workshop - part 1Virtualization workshop - part 1
Virtualization workshop - part 1
 
Virtualization And Disk Performance
Virtualization And Disk PerformanceVirtualization And Disk Performance
Virtualization And Disk Performance
 
VM.ppt
VM.pptVM.ppt
VM.ppt
 
2 Boot To Vhd
2 Boot To Vhd2 Boot To Vhd
2 Boot To Vhd
 
Practical Implementation of Virtual Machine
Practical Implementation of Virtual MachinePractical Implementation of Virtual Machine
Practical Implementation of Virtual Machine
 
Windows server 2012 r2 Hyper-v Component architecture
Windows server 2012 r2 Hyper-v Component architecture Windows server 2012 r2 Hyper-v Component architecture
Windows server 2012 r2 Hyper-v Component architecture
 
Virtual Machines - Virtual Box
Virtual Machines - Virtual BoxVirtual Machines - Virtual Box
Virtual Machines - Virtual Box
 
VHD Recovery Software
VHD Recovery SoftwareVHD Recovery Software
VHD Recovery Software
 
H: Drive
H: Drive H: Drive
H: Drive
 
Running virtual box from the linux command line
Running virtual box from the linux command lineRunning virtual box from the linux command line
Running virtual box from the linux command line
 
VMXray
VMXrayVMXray
VMXray
 
VirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows GuestVirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows Guest
 
Hyper-V overview and building test network - harold.wong
Hyper-V overview and building test network - harold.wongHyper-V overview and building test network - harold.wong
Hyper-V overview and building test network - harold.wong
 
Virtualizing Testbeds For Fun And Profit
Virtualizing Testbeds For Fun And ProfitVirtualizing Testbeds For Fun And Profit
Virtualizing Testbeds For Fun And Profit
 
how to install VMware
how to install VMwarehow to install VMware
how to install VMware
 

Plus de CTIN

Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source ForensicsCTIN
 
Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011CTIN
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4CTIN
 
Time Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsTime Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsCTIN
 
Vista Forensics
Vista ForensicsVista Forensics
Vista ForensicsCTIN
 
Live Forensics
Live ForensicsLive Forensics
Live ForensicsCTIN
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityCTIN
 
Edrm
EdrmEdrm
EdrmCTIN
 
Computer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer TrespassComputer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer TrespassCTIN
 
CyberCrime
CyberCrimeCyberCrime
CyberCrimeCTIN
 
Search Warrants
Search WarrantsSearch Warrants
Search WarrantsCTIN
 
Raidprep
RaidprepRaidprep
RaidprepCTIN
 
Networking Overview
Networking OverviewNetworking Overview
Networking OverviewCTIN
 
M Compevid
M CompevidM Compevid
M CompevidCTIN
 
L Scope
L ScopeL Scope
L ScopeCTIN
 
Law Enforcement Role In Computing
Law Enforcement Role In ComputingLaw Enforcement Role In Computing
Law Enforcement Role In ComputingCTIN
 
Level1 Part7 Basic Investigations
Level1 Part7 Basic InvestigationsLevel1 Part7 Basic Investigations
Level1 Part7 Basic InvestigationsCTIN
 
K Ai
K AiK Ai
K AiCTIN
 

Plus de CTIN (20)

Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source Forensics
 
Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troyla
 
Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4
 
Time Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsTime Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows Systems
 
Vista Forensics
Vista ForensicsVista Forensics
Vista Forensics
 
Live Forensics
Live ForensicsLive Forensics
Live Forensics
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It Security
 
Edrm
EdrmEdrm
Edrm
 
Computer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer TrespassComputer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer Trespass
 
CyberCrime
CyberCrimeCyberCrime
CyberCrime
 
Search Warrants
Search WarrantsSearch Warrants
Search Warrants
 
Raidprep
RaidprepRaidprep
Raidprep
 
Networking Overview
Networking OverviewNetworking Overview
Networking Overview
 
M Compevid
M CompevidM Compevid
M Compevid
 
L Scope
L ScopeL Scope
L Scope
 
Law Enforcement Role In Computing
Law Enforcement Role In ComputingLaw Enforcement Role In Computing
Law Enforcement Role In Computing
 
Level1 Part7 Basic Investigations
Level1 Part7 Basic InvestigationsLevel1 Part7 Basic Investigations
Level1 Part7 Basic Investigations
 
K Ai
K AiK Ai
K Ai
 

Dernier

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Dernier (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Mounting virtual hard drives

  • 2. Common in today’s computing environment  Allow the user to run multiple, self contained operating systems on one hardware host machine  The virtual machine utilizes the host machine’s resources (RAM, network interface, etc)  Data can be transferred between the host and the virtual machine
  • 3.
  • 4. Microsoft Virtual PC – typically has a “*.vhd” hard drive extension  Microsoft XP Mode - typically has a “*.vhd” hard drive extension  Oracle Virtualbox - typically has a “*.vdi” hard drive extension  VMWare - typically has a “*.vhd” or “vmdk” hard drive extension
  • 5. Virtual hard drive files are typically large in size.  Usually two files are associated with the virtual machine  Virtual hard drive file – contains the O/S and data  Virtual machine settings file – provides the virtual machine’s configuration settings when used on the host machine
  • 6.
  • 7. FTK Imager 3.0 and newer versions have the ability to mount forensic images and virtual hard drives.  Images can be mounted as mapped drives on the computer  Physical virtual hard drives and their logical partitions can be mounted.  Mounted by using the “FileImage Mounting” within FTK Imager
  • 8. Images can be mounted as “read only”
  • 9.
  • 10.
  • 11. If you mount the virtual hard drive and you see the “unrecognized file system”, use Virtualbox’s internal commands to convert the hard drive to a raw format.
  • 12.
  • 13. Extract the “vdi” file from the forensic image to a location on your hard drive:  Open a command prompt window and navigate to the VirtualBox folder (typically c:Program FilesOracleVirtualBox).  Run the following command against the “vdi” file you wish to convert (no quotes in the command line): vboxmanage.exe internalcommands converttoraw "xpath-to- vdi-filevdifilename.vdi" "x:path-to-output- foldervdifilename.raw“  Conversion time will vary depending on the size of the “VDI file. It is recommended you have twice the amount of drive space available as is the size of the “vdi” file since you are converting to an uncompressed “raw” format.
  • 14.
  • 15.
  • 16.
  • 17. Virtual hard drive shows up as a physical drive on the system. The drive can then be imaged again and compared via hashing to ensure everything was captured.