Home
Latest images
Search
Register
Log inUsing CAINE and MMLS to mount an image of an NTFS drive
2 posters
Page 1 of 1
Using CAINE and MMLS to mount an image of an NTFS drive
joetekno Mon Mar 02, 2009 8:04 pm
At some point you my want to view an operating system image file as it was as a file system. This enables quick restoration of files, string searches, e-discovery, etc. The following directions will walk you through mounting an image of an operating system so that you can quickly view it as a file system.
1. Select "Start"... Caine... Caine Interface
2. Click the "Create Report" button
3. Select the "Grissom Analyzer" tab
4. Type the location of your image file (example: /evidence/sda-img.dd)
5. Click the “mmls” button
6. Document the UNITS (example: Units are in 512-byte sectors)
7. Document the start of the partition you wish to mount (example: 0000000063)
8. Multiply the start of the partition with the Units (example 63 X 512 = 32256)
9. Make a directory in /media to mount the image to. The offset below comes from the number you came up with in step 8.
a. Open an Command Line Window
b. Type: sudo su
c. And then enter your password
d. Type: mkdir /media/evidence
e. Type: mount -t ntfs -o loop,ro,offset=32256 /evidence/sda-img.dd /media/evidence
10. Now you can us the “cd” command to view the image file’s directory structure
a. Type: cd /media/evidence
b. Type: ls
1. Select "Start"... Caine... Caine Interface
2. Click the "Create Report" button
3. Select the "Grissom Analyzer" tab
4. Type the location of your image file (example: /evidence/sda-img.dd)
5. Click the “mmls” button
6. Document the UNITS (example: Units are in 512-byte sectors)
7. Document the start of the partition you wish to mount (example: 0000000063)
8. Multiply the start of the partition with the Units (example 63 X 512 = 32256)
9. Make a directory in /media to mount the image to. The offset below comes from the number you came up with in step 8.
a. Open an Command Line Window
b. Type: sudo su
c. And then enter your password
d. Type: mkdir /media/evidence
e. Type: mount -t ntfs -o loop,ro,offset=32256 /evidence/sda-img.dd /media/evidence
10. Now you can us the “cd” command to view the image file’s directory structure
a. Type: cd /media/evidence
b. Type: ls
joetekno- Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19 -
Re: Using CAINE and MMLS to mount an image of an NTFS drive
nannib Tue Mar 03, 2009 9:25 am
Thank you so much!
These various methods for reaching the wished target are very useful
Thank you again for your efforts...
Nanni Bassetti
Caine Team
These various methods for reaching the wished target are very useful
Thank you again for your efforts...
Nanni Bassetti
Caine Team
nannib- Admin
- Number of posts : 273
Age : 54
Registration date : 2008-10-28 -
Similar topics» CAINE 1.5 Installed and MMLS to mount NTFS image file
» Using CAINE and AIR to wipe a drive
» Using CAINE and AIR to image a suspect workstation
» CAINE 6.0 Utility to mount a device in rw mode
» Caine 2.5.1: Mounter GUI utility does not mount ext3 volumes
» Using CAINE and AIR to wipe a drive
» Using CAINE and AIR to image a suspect workstation
» CAINE 6.0 Utility to mount a device in rw mode
» Caine 2.5.1: Mounter GUI utility does not mount ext3 volumes
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum