Saturday, May 9, 2020

Digital Forensics: Mount Disk Images (VDMK) With OSFMount

Digital Forensics: Mount Disk Images (VDMK) With OSFMount

OSFMount is a lightweight software for Windows that supports a variety of disk images. Among the supported formats are popular disk image formats such as ISO, Bin, IMG and NRG plus some exotic formats like DD, VMDK and AFD.

In case study you mount a VM as a drive in OSForensics, The VM is assigned the next available drive letter
on your system in read-only mode, and then you do an image acquisition.

Step 1.
Start OSForensics and from the left pane select Manage Case and then click the New
Case button. Give the case a title such as 1 and click OK.
Again; from the left pane, scroll down and click Mount Drive Image to open the
PassMark OSFMount utility.
Step 2.
In the lower-left corner, click Mount new to open the OSFMount - Mount drive
windows.
Step 3.
Make sure Image file is selected, and click the […] button. Scroll to the location of
VirtualBox VMs in External Drive "Windows 10 Pro.vmdk" file.In the “Select a partition in image”

vmdk file.
Step 4.
The .vmdk file should be displayed as a mounted drive, as shown in the screen shot.
If a Windows dialog prompts to format the new drive, click Cancel.

Step 5.
From the lower section of the Manage Case window select the Add Device button and
from the Drive drop down menu select the drive letter that relates to the .vmdk
previously mounted. Click the OK button.
Step 6.
Double Click the Device Drive now listed in the lower window to open the File System
Browser application where you can explore the drive contents.
Close File System Browser window.

Supported File Extensions

OSFMount supports the mounting of the following Windows image file formats:

ที่มา:
https://bit.ly/2TxZcUX
https://www.osforensics.com/tools/mount-disk-images.html
https://bit.ly/2VBLgMk

หมายเหตุ:เนื้อหาในเว็บไซต์นี้มีขึ้นเพื่อวัตถุประสงค์ในการให้ข้อมูลและเพื่อการศึกษาเท่านั้น

* หากมีข้อมูลข้อผิดพลาดประการใด ขออภัยมา ณ ที่นี้ด้วย  รบกวนแจ้ง Admin เพื่อแก้ไขต่อไป
ขอบคุณครับ

#WindowsForensic #ComputerForensics #dfir #forensics #digitalforensics #computerforensic #investigation #cybercrime #fraud

No comments:

Post a Comment