SlideShare ist ein Scribd-Unternehmen logo

How to boot a VM form a Forensic Image

Krešimir Hausknecht
Krešimir Hausknecht

How to boot a virtual machine form a Digital Forensic Image such as E01 or RAW.

Technologie
1 von 12
How to boot a VM from a Forensic Image Krešimir Hausknecht, M.Sci.
PLEASE BE CAREFULL! This process will probably change your original evidence so please make sure that it is being done on a copy!! 2
VirtualBox & FTK Imager Install: 1. FTK Imager 2. VirtualBox • https://www.virtualbox.org/wiki/Downloads - VirtualBox 5.0.20 for Windows hosts x86/amd64 3
1. FTK Imager 1. File → Image Mounting 2. Select E01 image you want to mount 4
1. FTK Imager 3. Mount type: physical only 4. Mount method: block device/writeable 5. Write cache folder: C:tempVBox_cache • Choose a preferred destination cache folder 6. Mount – you will see which physical drive the image is mapped to • Note the Physical drive number, we’ll need that later… 5
6
2. Create a new folder For storing the virtual disk file later Eg. C:tempVbox_temp 7
3. Command prompt Run as administrator!! cd c:Program FilesOracleVirtualBox vboxmanage internalcommands createrawvmdk -filename C:tempVbox_tempimage.vmdk -rawdisk .physicaldriveX Replace the path, file name and physical drive accordingly 8
4. VirtualBox Run as administrator! Creating a new virtual machine: • Name: image • Type: Microsoft Windows • Version: <Select accordingly> • Memory size: 2GB RAM • Hard disk: use an existing virtual hard disk file → image.vmdk • File we created in the step before • START the machine • Cross you fingers! 9
10
Issues When dismounted and mounted again – doesn’t work! • Windows Error Recovery (Launch startup repair or start windows normally) • Delete the following folder: • C:Usersuser.VirtualBox • Repeat the procedure It will not always work  11
Questions Kresimir.hausknecht@insig2.eu https://hr.linkedin.com/in/kresimirhausknecht

Empfohlen

Booting an image as a forensically sound vm in virtual box
Booting an image as a forensically sound vm in virtual boxBooting an image as a forensically sound vm in virtual box
Booting an image as a forensically sound vm in virtual boxBrent Muir
 
Real-time Analytics with Redis
Real-time Analytics with RedisReal-time Analytics with Redis
Real-time Analytics with RedisCihan Biyikoglu
 
Daos
DaosDaos
DaosUlrich Krause
 
Step by step installation domino on docker
Step by step installation domino on dockerStep by step installation domino on docker
Step by step installation domino on dockerRoberto Boccadoro
 
MES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best PracticesMES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best PracticesDylan Redfield
 
Release and patching strategy
Release and patching strategyRelease and patching strategy
Release and patching strategyJitendra Singh
 
How to use the new Domino Query Language
How to use the new Domino Query LanguageHow to use the new Domino Query Language
How to use the new Domino Query LanguageTim Davis
 
Backup and recovery in oracle
Backup and recovery in oracleBackup and recovery in oracle
Backup and recovery in oraclesadegh salehi
 

Empfohlen

Booting an image as a forensically sound vm in virtual box
Booting an image as a forensically sound vm in virtual boxBooting an image as a forensically sound vm in virtual box
Booting an image as a forensically sound vm in virtual boxBrent Muir
 
Real-time Analytics with Redis
Real-time Analytics with RedisReal-time Analytics with Redis
Real-time Analytics with RedisCihan Biyikoglu
 
Daos
DaosDaos
DaosUlrich Krause
 
Step by step installation domino on docker
Step by step installation domino on dockerStep by step installation domino on docker
Step by step installation domino on dockerRoberto Boccadoro
 
MES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best PracticesMES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best PracticesDylan Redfield
 
Release and patching strategy
Release and patching strategyRelease and patching strategy
Release and patching strategyJitendra Singh
 
How to use the new Domino Query Language
How to use the new Domino Query LanguageHow to use the new Domino Query Language
How to use the new Domino Query LanguageTim Davis
 
Backup and recovery in oracle
Backup and recovery in oracleBackup and recovery in oracle
Backup and recovery in oraclesadegh salehi
 
DCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDocker, Inc.
 
SSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLSSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLYoshinori Matsunobu
 
MinIO January 2020 Briefing
MinIO January 2020 BriefingMinIO January 2020 Briefing
MinIO January 2020 BriefingJonathan Symonds
 
Backup strategy
Backup strategyBackup strategy
Backup strategymrscjrobertson
 
Docker architecture-04-1
Docker architecture-04-1Docker architecture-04-1
Docker architecture-04-1Mohammadreza Amini
 
Object storage
Object storageObject storage
Object storageakash tambakad
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostChristoph Adler
 
2021 二月份 Veeam 與解決方案概觀
2021 二月份 Veeam 與解決方案概觀 2021 二月份 Veeam 與解決方案概觀
2021 二月份 Veeam 與解決方案概觀 Wales Chen
 
Domino policies deep dive
Domino policies deep diveDomino policies deep dive
Domino policies deep diveMartijn de Jong
 
Object Storage 1: The Fundamentals of Objects and Object Storage
Object Storage 1: The Fundamentals of Objects and Object StorageObject Storage 1: The Fundamentals of Objects and Object Storage
Object Storage 1: The Fundamentals of Objects and Object StorageHitachi Vantara
 
Installing virtual box and windows server 2008 R2
Installing virtual box and windows server 2008 R2Installing virtual box and windows server 2008 R2
Installing virtual box and windows server 2008 R2Anna Hristova
 
Computer Virus
Computer VirusComputer Virus
Computer VirusMiddle East International School
 
What is Object storage ?
What is Object storage ?What is Object storage ?
What is Object storage ?Nabil Kassi
 
Veeam backup and_replication
Veeam backup and_replicationVeeam backup and_replication
Veeam backup and_replicationCheer Chain Enterprise Co., Ltd.
 
Union FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerUnion FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
 
Developer Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit ClientsDeveloper Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit Clientspanagenda
 
Dropbox Tutorial
Dropbox TutorialDropbox Tutorial
Dropbox TutorialMelissa
 
Docker on Docker
Docker on DockerDocker on Docker
Docker on DockerDocker, Inc.
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerAnupam Gogoi
 
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-ReloadedRNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-ReloadedChristoph Adler
 
File000150
File000150File000150
File000150Desmond Devendran
 
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]Vlad Onyk
 

Weitere ähnliche Inhalte

Was ist angesagt?

DCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDocker, Inc.
 
SSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLSSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLYoshinori Matsunobu
 
MinIO January 2020 Briefing
MinIO January 2020 BriefingMinIO January 2020 Briefing
MinIO January 2020 BriefingJonathan Symonds
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostChristoph Adler
 
2021 二月份 Veeam 與解決方案概觀
2021 二月份 Veeam 與解決方案概觀 2021 二月份 Veeam 與解決方案概觀
2021 二月份 Veeam 與解決方案概觀 Wales Chen
 
Domino policies deep dive
Domino policies deep diveDomino policies deep dive
Domino policies deep diveMartijn de Jong
 
Object Storage 1: The Fundamentals of Objects and Object Storage
Object Storage 1: The Fundamentals of Objects and Object StorageObject Storage 1: The Fundamentals of Objects and Object Storage
Object Storage 1: The Fundamentals of Objects and Object StorageHitachi Vantara
 
Installing virtual box and windows server 2008 R2
Installing virtual box and windows server 2008 R2Installing virtual box and windows server 2008 R2
Installing virtual box and windows server 2008 R2Anna Hristova
 
What is Object storage ?
What is Object storage ?What is Object storage ?
What is Object storage ?Nabil Kassi
 
Union FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerUnion FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
 
Developer Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit ClientsDeveloper Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit Clientspanagenda
 
Dropbox Tutorial
Dropbox TutorialDropbox Tutorial
Dropbox TutorialMelissa
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerAnupam Gogoi
 
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-ReloadedRNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-ReloadedChristoph Adler
 

Was ist angesagt? (20)

DCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best Practices
 
SSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLSSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQL
 
MinIO January 2020 Briefing
MinIO January 2020 BriefingMinIO January 2020 Briefing
MinIO January 2020 Briefing
 
Backup strategy
Backup strategyBackup strategy
Backup strategy
 
Docker architecture-04-1
Docker architecture-04-1Docker architecture-04-1
Docker architecture-04-1
 
Object storage
Object storageObject storage
Object storage
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance Boost
 
2021 二月份 Veeam 與解決方案概觀
2021 二月份 Veeam 與解決方案概觀 2021 二月份 Veeam 與解決方案概觀
2021 二月份 Veeam 與解決方案概觀
 
Domino policies deep dive
Domino policies deep diveDomino policies deep dive
Domino policies deep dive
 
Object Storage 1: The Fundamentals of Objects and Object Storage
Object Storage 1: The Fundamentals of Objects and Object StorageObject Storage 1: The Fundamentals of Objects and Object Storage
Object Storage 1: The Fundamentals of Objects and Object Storage
 
Installing virtual box and windows server 2008 R2
Installing virtual box and windows server 2008 R2Installing virtual box and windows server 2008 R2
Installing virtual box and windows server 2008 R2
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 
What is Object storage ?
What is Object storage ?What is Object storage ?
What is Object storage ?
 
Veeam backup and_replication
Veeam backup and_replicationVeeam backup and_replication
Veeam backup and_replication
 
Union FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerUnion FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a Container
 
Developer Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit ClientsDeveloper Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit Clients
 
Dropbox Tutorial
Dropbox TutorialDropbox Tutorial
Dropbox Tutorial
 
Docker on Docker
Docker on DockerDocker on Docker
Docker on Docker
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity Server
 
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-ReloadedRNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
 

Andere mochten auch

мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]Vlad Onyk
 
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]Vlad Onyk
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsMike Spaulding
 
Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Brent Muir
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsBrent Muir
 

Andere mochten auch (10)

File000150
File000150File000150
File000150
 
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]
 
мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]мобільні операційні системи [автосохраненный]
мобільні операційні системи [автосохраненный]
 
Mac Forensics
Mac ForensicsMac Forensics
Mac Forensics
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti Forensics
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 
Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0
 
WhatsApp Forensic
WhatsApp ForensicWhatsApp Forensic
WhatsApp Forensic
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary Artefacts
 
Types of Irrigation
Types of IrrigationTypes of Irrigation
Types of Irrigation
 

Ähnlich wie How to boot a VM form a Forensic Image

How To Create The Ubuntu 20 VM Template For VMware Automation
How To Create The Ubuntu 20 VM Template For VMware AutomationHow To Create The Ubuntu 20 VM Template For VMware Automation
How To Create The Ubuntu 20 VM Template For VMware AutomationReal Estate
 
Creating a gallery image for Azure marketplace
Creating a gallery image for Azure marketplaceCreating a gallery image for Azure marketplace
Creating a gallery image for Azure marketplaceAlexey Bokov
 
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...Nicolas Collery
 
Exploring the Versatile Features of VirtualBox
Exploring the Versatile Features of VirtualBoxExploring the Versatile Features of VirtualBox
Exploring the Versatile Features of VirtualBoxHai Der
 
Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015rranjithrajaram
 
Credentials and VM Installation - Basic course.pdf
Credentials and VM Installation - Basic course.pdfCredentials and VM Installation - Basic course.pdf
Credentials and VM Installation - Basic course.pdfShubham Sidana
 
12849144 how-to-install-a-cccam-server-on-windows
12849144 how-to-install-a-cccam-server-on-windows12849144 how-to-install-a-cccam-server-on-windows
12849144 how-to-install-a-cccam-server-on-windowsrajuy2r
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drivesCTIN
 
Azure vm resizing the os disk
Azure vm resizing the os diskAzure vm resizing the os disk
Azure vm resizing the os diskMilorad Imbra
 
Puppet - Instant Data Center
Puppet - Instant Data CenterPuppet - Instant Data Center
Puppet - Instant Data CenterBryan Belanger
 
Installation of ESX Server
Installation of ESX ServerInstallation of ESX Server
Installation of ESX ServerLuca Viscomi
 
Virtualization
VirtualizationVirtualization
VirtualizationYansi Keim
 
images_of_windows_xp_for_system_deployment_using_windows_pe
images_of_windows_xp_for_system_deployment_using_windows_peimages_of_windows_xp_for_system_deployment_using_windows_pe
images_of_windows_xp_for_system_deployment_using_windows_peiartem
 
FIWARE Tech Summit - FIWARE Lab Cloud
FIWARE Tech Summit - FIWARE Lab CloudFIWARE Tech Summit - FIWARE Lab Cloud
FIWARE Tech Summit - FIWARE Lab CloudFIWARE
 
VirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows GuestVirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows Guestaindilis
 

Ähnlich wie How to boot a VM form a Forensic Image (20)

How To Create The Ubuntu 20 VM Template For VMware Automation
How To Create The Ubuntu 20 VM Template For VMware AutomationHow To Create The Ubuntu 20 VM Template For VMware Automation
How To Create The Ubuntu 20 VM Template For VMware Automation
 
Creating a gallery image for Azure marketplace
Creating a gallery image for Azure marketplaceCreating a gallery image for Azure marketplace
Creating a gallery image for Azure marketplace
 
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...
 
NativeBoot-RatanM
NativeBoot-RatanMNativeBoot-RatanM
NativeBoot-RatanM
 
VM.ppt
VM.pptVM.ppt
VM.ppt
 
Os Virtualization
Os VirtualizationOs Virtualization
Os Virtualization
 
Exploring the Versatile Features of VirtualBox
Exploring the Versatile Features of VirtualBoxExploring the Versatile Features of VirtualBox
Exploring the Versatile Features of VirtualBox
 
Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015
 
Credentials and VM Installation - Basic course.pdf
Credentials and VM Installation - Basic course.pdfCredentials and VM Installation - Basic course.pdf
Credentials and VM Installation - Basic course.pdf
 
12849144 how-to-install-a-cccam-server-on-windows
12849144 how-to-install-a-cccam-server-on-windows12849144 how-to-install-a-cccam-server-on-windows
12849144 how-to-install-a-cccam-server-on-windows
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drives
 
Azure vm resizing the os disk
Azure vm resizing the os diskAzure vm resizing the os disk
Azure vm resizing the os disk
 
Puppet - Instant Data Center
Puppet - Instant Data CenterPuppet - Instant Data Center
Puppet - Instant Data Center
 
Installation of ESX Server
Installation of ESX ServerInstallation of ESX Server
Installation of ESX Server
 
Virtualization
VirtualizationVirtualization
Virtualization
 
FIWARE Lab Cloud Portal
FIWARE Lab Cloud PortalFIWARE Lab Cloud Portal
FIWARE Lab Cloud Portal
 
images_of_windows_xp_for_system_deployment_using_windows_pe
images_of_windows_xp_for_system_deployment_using_windows_peimages_of_windows_xp_for_system_deployment_using_windows_pe
images_of_windows_xp_for_system_deployment_using_windows_pe
 
Shadow forensics print
Shadow forensics printShadow forensics print
Shadow forensics print
 
FIWARE Tech Summit - FIWARE Lab Cloud
FIWARE Tech Summit - FIWARE Lab CloudFIWARE Tech Summit - FIWARE Lab Cloud
FIWARE Tech Summit - FIWARE Lab Cloud
 
VirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows GuestVirtualBox Ubuntu Host Windows Guest
VirtualBox Ubuntu Host Windows Guest
 

Kürzlich hochgeladen

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Kürzlich hochgeladen (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

How to boot a VM form a Forensic Image

  • 1. How to boot a VM from a Forensic Image Krešimir Hausknecht, M.Sci.
  • 2. PLEASE BE CAREFULL! This process will probably change your original evidence so please make sure that it is being done on a copy!! 2
  • 3. VirtualBox & FTK Imager Install: 1. FTK Imager 2. VirtualBox • https://www.virtualbox.org/wiki/Downloads - VirtualBox 5.0.20 for Windows hosts x86/amd64 3
  • 4. 1. FTK Imager 1. File → Image Mounting 2. Select E01 image you want to mount 4
  • 5. 1. FTK Imager 3. Mount type: physical only 4. Mount method: block device/writeable 5. Write cache folder: C:tempVBox_cache • Choose a preferred destination cache folder 6. Mount – you will see which physical drive the image is mapped to • Note the Physical drive number, we’ll need that later… 5
  • 6. 6
  • 7. 2. Create a new folder For storing the virtual disk file later Eg. C:tempVbox_temp 7
  • 8. 3. Command prompt Run as administrator!! cd c:Program FilesOracleVirtualBox vboxmanage internalcommands createrawvmdk -filename C:tempVbox_tempimage.vmdk -rawdisk .physicaldriveX Replace the path, file name and physical drive accordingly 8
  • 9. 4. VirtualBox Run as administrator! Creating a new virtual machine: • Name: image • Type: Microsoft Windows • Version: <Select accordingly> • Memory size: 2GB RAM • Hard disk: use an existing virtual hard disk file → image.vmdk • File we created in the step before • START the machine • Cross you fingers! 9
  • 10. 10
  • 11. Issues When dismounted and mounted again – doesn’t work! • Windows Error Recovery (Launch startup repair or start windows normally) • Delete the following folder: • C:Usersuser.VirtualBox • Repeat the procedure It will not always work  11