Difference between revisions of "Mounting Disk Images"
From Forensics Wiki
m (Category:Howtos) |
|||
| Line 50: | Line 50: | ||
# umount /mnt | # umount /mnt | ||
| + | |||
| + | [[Category:Howtos]] | ||
Revision as of 03:41, 26 October 2008
Contents |
FreeBSD
To mount a disk image on FreeBSD:
First attach the image to unit #1:
# mdconfig -a -t vnode -f /big3/project/images/img/67.img -u 1
Then mount:
# mount -t msdos /dev/md1s1 /mnt
# ls /mnt BOOTLOG.PRV BOOTLOG.TXT COMMAND.COM IO.SYS MSDOS.SYS
To unmount:
# umount /mnt # mdconfig -d -u 1
To mount the image read-only, use:
# mdconfig -o readonly -a -t vnode -f /big3/project/images/img/67.img -u 1 # mount -o ro -t msdos /dev/md1s1 /mnt
Linux
To mount a disk image on Linux
# mount -t vfat -o loop=/dev/loop0,ro,noexec img.dd /mnt
-or-
# mount -t vfat -o loop=/dev/loop/0,ro,noexec img.dd /mnt
The ro is for read-only.
This will mount NSRL ISOs:
# mount /home/simsong/RDS_218_A.iso /mnt/nsrl -t iso9660 -o loop=/dev/loop3,ro,noexec
Some raw images contains multiple partitions (full HD image). In this case, it's necessary to specify a starting offset for each partition.
# mount -t vfat -o loop=/dev/loop0,offset=32256,ro,noexec img.dd /mnt/tmp_1 # mount -t vfat -o loop=/dev/loop1,offset=20974464000,ro,noexec img.dd /mnt/tmp_2
Note: You may need to say /dev/loop/0 instead of /dev/loop0 on some systems
To unmount
# umount /mnt
