Hi,
is there a tool around which permits to mount raw disk images (removable
hd images), but at a level where the OS sees not just the volume (as
filedisk/paragon/mountimage pro and others do), but also the “virtual” hd ?
I’d need that because i need to run forensic analysis tools on such
images, and they need a real disk to work on.
Now, can you point me to such a tool if it exists, or tell me some tips
to realize myself such virtual disk ? Would be similar as to do a scsi
miniport for cdrom emulation ? And finally, why the above mentioned
tools do not “expose” a real disk but just a new virtual volume, as all
scsi miniports used for cdrom emulation do? I never coded such kind of
drivers, so i’d need to know in which direction to go
cheers and merry christmas
valerio
Hi Valerio,
I am not aware of any tools on the market to do this, but it seems
likely that one exists.
As for why most tools expose a volume – it’s easier, it short-circuits
what could be a fairly long IO path, and most tools deal with volumes
instead of partitions from user-mode.
Support for creation of such a virtual disk is very similar in concept
to emulation of a file-based virtual CDROM, both in command handling and
in bug-prone areas. If you have already written a viable CDROM
emulator, then you will find supporting a virtual DISK is a fairly
minimal amount of additional commands. For internal use, it should be
easy to get one that’s “good enough” (i.e. not worrying about
hiber/paging/etc.).
Hth,
.
-----Original Message-----
From: valerino [mailto:xxxxx@hotmail.com]
Sent: Thursday, December 23, 2004 4:52 PM
Subject: Question about virtual disk driver
Hi,
is there a tool around which permits to mount raw disk images (removable
hd images), but at a level where the OS sees not just the volume (as
filedisk/paragon/mountimage pro and others do), but also the “virtual”
hd ?
I’d need that because i need to run forensic analysis tools on such
images, and they need a real disk to work on.
Now, can you point me to such a tool if it exists, or tell me some tips
to realize myself such virtual disk ? Would be similar as to do a scsi
miniport for cdrom emulation ? And finally, why the above mentioned
tools do not “expose” a real disk but just a new virtual volume, as all
scsi miniports used for cdrom emulation do? I never coded such kind of
drivers, so i’d need to know in which direction to go
cheers and merry christmas
valerio