ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Mounting Disk Images

From ForensicsWiki
Revision as of 08:41, 26 October 2008 by .FUF (Talk | contribs) (Category:Howtos)

Jump to: navigation, search

FreeBSD

To mount a disk image on FreeBSD:

First attach the image to unit #1:

 # mdconfig -a -t vnode -f /big3/project/images/img/67.img -u 1

Then mount:

 # mount -t msdos /dev/md1s1 /mnt
 # ls /mnt
 BOOTLOG.PRV     BOOTLOG.TXT     COMMAND.COM     IO.SYS          MSDOS.SYS

To unmount:

 # umount /mnt
 # mdconfig -d -u 1

To mount the image read-only, use:

 # mdconfig -o readonly -a -t vnode -f /big3/project/images/img/67.img -u 1
 # mount -o ro -t msdos /dev/md1s1 /mnt

Linux

To mount a disk image on Linux

# mount -t vfat -o loop=/dev/loop0,ro,noexec img.dd /mnt

-or-

# mount -t vfat -o loop=/dev/loop/0,ro,noexec img.dd /mnt

The ro is for read-only.

This will mount NSRL ISOs:

 # mount /home/simsong/RDS_218_A.iso /mnt/nsrl -t iso9660 -o loop=/dev/loop3,ro,noexec 


Some raw images contains multiple partitions (full HD image). In this case, it's necessary to specify a starting offset for each partition.

# mount -t vfat -o loop=/dev/loop0,offset=32256,ro,noexec img.dd /mnt/tmp_1
# mount -t vfat -o loop=/dev/loop1,offset=20974464000,ro,noexec img.dd /mnt/tmp_2


Note: You may need to say /dev/loop/0 instead of /dev/loop0 on some systems

To unmount

# umount /mnt