Aside from the programs previously mentioned in this topic (SmartMount from ASRData and Mount Image Pro from GetData), there is a freeware tool that will allow you to do the same thing: the virtual disk driver (VDK). VDK is a device driver that will allow you to mount an acquired image file as a drive letter on your system. When used with the VDKWin GUI, illustrated in Figure 9.3, you simply need to click a few buttons and you'll have your file system mounted and accessible from your analysis system.

VDKWin obviously removes some of the complexity (and chance for making mistakes) from the use of the vdk.sys driver, but how is something like this useful? It is hoped that by now you've seen that an examiner does not have to be restricted to just one way of doing things: as long as the appropriate level of care is taken, and as long as you're documenting what you do (and why), the process you use to analyze acquired images is up to you (or your organization's standard operating procedures, as the case may be). However, some analysis methodologies may simply not be accessible because they are not built into the commercial analysis application you're using, or they are but, in having done so, the vendor has priced the application out of an affordable range.

Another freely available tool for mounting images is IMDisk (Version 1.1.3 was released on December 5, 2008), a virtual disk driver that installs as a CLI utility and has a Control Panel applet, which provides a GUI to the driver. Figure 9.4 illustrates the IMDisk UI with an image mounted as a read-only drive letter (H:\).

Figure 9.4 IMDisk User Interface with an Image Mounted as H:\

Microsoft has a free tool available (albeit unsupported and not advertised) called the "Virtual CD-ROM Control Panel for XP." This tool provides a virtual CD-ROM within the Windows XP Control Panel that you can use to mount .iso files (usually from a CD or DVD) as file systems. The direct link to the tool is rather long, but a link can be found at the Microsoft Web site (scroll approximately two-thirds of the way down), as well as on such blogs as RaDaJo and ( 2004/8.aspx).

Often, you will need to examine individual files rather than entire file or volume systems.
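The care-and-documentation point above, as an added example (not from the original text or from the authors of any tool mentioned): a Python wrapper that hashes an image, mounts it read-only with the ImDisk command line, runs an analysis step, unmounts, re-hashes and appends a log record. The image path, log file and injectable `run` parameter are assumptions of this example; `H:` is the drive letter shown in Figure 9.4.

```python
import datetime
import hashlib
import json
import subprocess

def sha256_file(path, chunk=1 << 20):
    """Hash the image in chunks so multi-gigabyte files never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def imdisk_commands(image, drive):
    """ImDisk CLI argument lists: attach a file-backed read-only device, then detach."""
    attach = ["imdisk", "-a", "-t", "file", "-f", image, "-o", "ro", "-m", drive]
    detach = ["imdisk", "-d", "-m", drive]
    return attach, detach

def examine_read_only(image, analysis, log_path, drive="H:", run=subprocess.run):
    """Hash, mount read-only, run analysis(drive), unmount, re-hash, log the record."""
    attach, detach = imdisk_commands(image, drive)
    record = {
        "image": image,
        "started_utc": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "attach_cmd": attach,
        "sha256_before": sha256_file(image),
    }
    run(attach, check=True)  # `run` is injectable (assumption) for hosts without ImDisk
    try:
        record["analysis"] = analysis(drive)
    finally:
        run(detach, check=True)  # always release the drive letter
    record["sha256_after"] = sha256_file(image)
    record["unchanged"] = record["sha256_before"] == record["sha256_after"]
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record

if __name__ == "__main__":
    import os, tempfile
    # Constructed stand-in for an acquired image; commands are printed, not executed.
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "sample.dd")
        with open(img, "wb") as f:
            f.write(b"\x00" * 4096)
        rec = examine_read_only(img, lambda drv: "listed " + drv,
                                os.path.join(d, "notes.jsonl"),
                                run=lambda cmd, check: print("would run:", cmd))
        print(json.dumps(rec, indent=2))
```

A record with `"unchanged": false` means the image file differed after the session, which is the condition the read-only mount is meant to rule out.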