Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F4371111
README
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Size
6 KB
Referenced Files
None
Subscribers
None
README
View Options
XMOUNT README FILE
Table of contents
0.0 Author and license stuff
1.0 What is xmount? - A short description
2.0 A deeper view of things
2.1 Emulated DD file
2.2 Emulated VDI file
2.3 Emulated VMDK file
2.4 Emulated VHD file
2.5 Virtual write access
3.0 Installation instructions
3.1 Prerequisits
3.1 Install from a package
3.2 Install from source
4.0 xmount command line parameters
4.1 xmount usage examples
0.0 Author and license stuff
xmount Copyright (c) 2008-2012 by Gillen Daniel <gillen.dan@pinguin.lu>
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program. If not, see <http://www.gnu.org/licenses/>.
---
Due to AFFLIB, I have to mention that:
This product includes software developed by Simson L. Garfinkel and Basis
Technology Corp.
1.0 What is xmount? - A short description
xmount allows you to convert on-the-fly between multiple input and output
harddisk image types. xmount creates a virtual file system using FUSE
(Filesystem in Userspace) that contains a virtual representation of the input
image. The virtual representation can be in raw DD, VirtualBox's virtual disk
file format, Microsoft's Virtual Hard Disk Image format or in VmWare's VMDK
file format. Input images can be raw DD, EWF (Expert Witness Compression
Format) or AFF (Advanced Forensic Format) files. In addition, xmount also
supports virtual write access to the output files that is redirected to a
cache file. This makes it possible to boot acquired harddisk images using
QEMU, KVM, VirtualBox, VmWare or alike.
2.0 A deeper view of things
2.1 Emulated DD file
This is the standard data representation used by xmount. It is a file
containing the raw data contained in the input image file.
2.2 Emulated VDI file
When using the "--out vdi" command line parameter, a VirtualBox disk file
is emulated. This means that xmount builds a virtual VDI header and prepends
it to the raw data contained in the input image. The VDI file can be used in
VirtualBox as a virtual disk file.
2.3 Emulated VMDK file
When using the "--out vmdk(s)" command line paramter, a VMWare virtual disk
file will be emulated. This mainly consists in building a VMDK descriptor
file that will access an emulated DD file. You can use this VMDK file to
add your input image as virtual disk to a VMWare virtual machine. "vmdk" is
a VMWare disk attached to the IDE bus and "vmdks" is attached to the SCSI
bus.
When emulating VMDK files to be used in VMWare, you have to enable
"user_allow_other" in /etc/fuse.conf or run xmount and VmWare as root.
WARNING: VMDK support should be considered experimental and currently the
VMDK descriptor file isn't cached.
2.4 Emulated VHD file
When using the "--out vhd" command line parameter, a Virtual Hard Disk Image
file is emulated by appending to the raw data a valid VHD footer. Valid here
means as described in Microsoft's Virtual Hard Disk Image Format specs v1.
2.5 Virtual write access
By using the "--cache <cache_file>" command line parameter, xmount allows
you to change data in the emulated image files. All changes are written to a
separate cache file. No data will ever be written to the original input
image files! Write access is limited to change existing data. It isn't
possible to change the emulated image's file size (no append or truncate)!
The same cache file can be used with different output image formats without
loosing changed data.
3.0 Installation instructions
To install xmount, you can use a prebuild package for your distribution or
you can build xmount from source. The two methods are described in the
following sections.
3.1 Prerequisits
SYSTEM:
Some sort of Linux with a recent kernel (2.6.x or above).
FUSE:
Your os must support FUSE and have the appropriate libraries installed.
(See http://fuse.sourceforge.net/ for more informations). To be able to
install from source, you also need the FUSE header files.
LIBEWF:
To enable EWF input image support. Get it from
http://sourceforge.net/projects/libewf/
LIBAFF:
To enable AFF input image support. Get it from http://www.afflib.org/
3.2 Install from a package
Chances are I provide prebuild binary packages for Debian / Ubuntu. In this
case, you only have to fire up your distribution's package manager and
install xmount. See https://www.pinguin.lu for more informations and
download links.
3.3 Install from source
After having checked the prerequisits, you should be able to compile and
install xmount by simply issuing the following three commands:
# ./configure
# make
# make install
4.0 xmount command line parameters
xmount [[fopts] [mopts]] <ifile> [<ifile> [...]] <mntp>
fopts:
-d : Enable FUSE's and xmount's debug mode.
-s : Run single threaded.
-o no_allow_other : Disable automatic addition of FUSE's allow_other option.
-o <fmopts> : Specify fuse mount options. Will also disable automatic
addition of FUSE's allow_other option!
mopts:
--cache <file> : Enable virtual write support and set cachefile to use.
--in <itype> : Input image format. <itype> can be "dd", "ewf".
--info : Print out some infos about used compiler and libraries.
--out <otype> : Output image format. <otype> can be "dd", "vdi", "vhd", "vmdk(s)".
--owcache <file> : Same as --cache <file> but overwrites existing cache.
--rw <file> : Same as --cache <file>.
--version : Same as --info.
INFO: Input and output image type defaults to "dd" if not specified.
ifile:
Input image file. If you use EWF files, you have to specify all image
segments! (If your shell supports it, you can use .E?? as file extension
to specify them all)
mntp:
Mount point where virtual files should be located.
4.1 xmount usage examples
To xmount an EWF harddisk image from your acquired disk as a raw DD image
under /mnt, use the following command:
xmount --in ewf ./acquired_disk.E?? /mnt
To xmount the same ewf image as vdi file, you would use a command like this:
xmount --in ewf --out vdi ./acquired_disk.E?? /mnt
And to enable virtual write support on a raw DD input image xmounted as VDI
file:
xmount --out vdi --cache ./acquired_disk.cache ./acquired_disk.dd /mnt
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Feb 25, 6:01 AM (1 d, 6 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1199830
Default Alt Text
README (6 KB)
Attached To
Mode
rXMOUNT xmount
Attached
Detach File
Event Timeline
Log In to Comment