filmov
tv
Physical Image and Partition Mounting in Tsurugi Linux
Показать описание
This is a basic DFIR skill, but extremely useful. Demonstrated on Tsurugi Linux.
Sometimes it is helpful to access data inside a forensic disk image without going through carving and processing. For example, when you want to use tools to search for or process data, the tools do not 'understand' forensic disk images. In this video, we use Tsurugi with ewfmount and the built-in 'mount' command to access a file system of a suspect disk image. The same commands will work on other versions of Linux as well.
Tsurugi Linux has pre-configured directories that make mounting disk images very easy. We will use an expert witness file (EWF) (E01) as an example. First, mount the physical disk image with ewfmount. Then use the Sleuth Kit mmls to find the partition table and get the offset to the target partition. Calculate the byte offset. Then use 'mount' to mount the target partition. From there, you should have access to the suspect's data as if their hard drive were directly connected to your system.
00:00 Tsurugi Linux
00:14 Goals of the video
00:26 Selecting tools from the Applications menu
01:04 Open a command prompt (terminal)
01:32 Tsurugi home directory non-standard folders
01:49 Why image mounting?
02:15 Tsurugi Linux mnt directory
03:08 Mount an EWF physical disk image (E01)
04:31 Access the mounted disk image
04:52 tsk mmls for disk partition table
05:28 Calculate byte offset to partition
06:27 Mount a partition inside a physical disk image
07:32 Accessing the mounted partition file system
08:12 Overview
08:44 Thanks for watching
010001000100011001010011011000110110100101100101011011100110001101100101
Get more Digital Forensic Science
010100110111010101100010011100110110001101110010011010010110001001100101
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing.
Experiment 003:
House of the dragon, super smash bros, todo o nada, Facebook, peacemaker, squid game
Sometimes it is helpful to access data inside a forensic disk image without going through carving and processing. For example, when you want to use tools to search for or process data, the tools do not 'understand' forensic disk images. In this video, we use Tsurugi with ewfmount and the built-in 'mount' command to access a file system of a suspect disk image. The same commands will work on other versions of Linux as well.
Tsurugi Linux has pre-configured directories that make mounting disk images very easy. We will use an expert witness file (EWF) (E01) as an example. First, mount the physical disk image with ewfmount. Then use the Sleuth Kit mmls to find the partition table and get the offset to the target partition. Calculate the byte offset. Then use 'mount' to mount the target partition. From there, you should have access to the suspect's data as if their hard drive were directly connected to your system.
00:00 Tsurugi Linux
00:14 Goals of the video
00:26 Selecting tools from the Applications menu
01:04 Open a command prompt (terminal)
01:32 Tsurugi home directory non-standard folders
01:49 Why image mounting?
02:15 Tsurugi Linux mnt directory
03:08 Mount an EWF physical disk image (E01)
04:31 Access the mounted disk image
04:52 tsk mmls for disk partition table
05:28 Calculate byte offset to partition
06:27 Mount a partition inside a physical disk image
07:32 Accessing the mounted partition file system
08:12 Overview
08:44 Thanks for watching
010001000100011001010011011000110110100101100101011011100110001101100101
Get more Digital Forensic Science
010100110111010101100010011100110110001101110010011010010110001001100101
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing.
Experiment 003:
House of the dragon, super smash bros, todo o nada, Facebook, peacemaker, squid game
0:09:00
Physical Image and Partition Mounting in Tsurugi Linux
0:32:28
Linux Crash Course - Formatting & Mounting Storage Volumes
0:01:40
How to Mount ISO Disk Image Files in Windows 10
0:02:53
SANS SIFT - Mounting a Partition in an E01 Image
0:04:33
How to mount a multi-partition disk image in Linux?
0:03:47
How to mount a multi-partition disk image in Linux? (4 Solutions!!)
0:04:20
SIMATIC IPC - Image and Partition Creator
0:27:23
How to partition, format and mount a file system in Linux OS
0:01:36
How To Create Partition In Kali Linux | kali linux partition disk manual & installation problem
0:02:50
DevOps & SysAdmins: Mounting a partition from a raw DD image file of a physical disk
0:02:38
Mount a Logical Partition
0:14:09
Clone Any System
0:12:56
Linux Tutorial | How to Increase the Root Partition Size in Centos or RHEL
0:20:26
How to mount Linux partition
0:06:22
How to FLASH CUSTOM ROM on A/B Partition : Easiest Way with no Errors
0:04:21
How can I mount a partition from dd-created image of a block device (e.g. HDD) under Linux?
1:34:41
Red Hat Linux Day 14 Aug Batch (Mount, fstab, Format/partition disk, Creating/Adding/Removing Swap)
0:07:48
Dynamic Partition | Super Partiton | AB Slots | TWRP | Android Custom Rom Basics
0:03:51
Resize Primary Partition and unallocate space on Ubuntu | Part #1
0:01:23
How to mount/resize/modify LVM partition in KVM qcow2 or raw images?
0:12:25
How to Backup and Restore the Linux File System - Timeshift Tutorial
0:02:40
How to Create Partition in Mac Devices (Mac OS, Macbook Pro, Macbook Air, Mac Mini)
0:29:03
Forensic Acquisition in Windows - FTK Imager
0:21:47
VBox VMs - Add Disk & Partition - Create Physical & Logical Volumes - File Systems on LVM Us...
Комментарии