How to Mount (or Read) a DD Raw Disk Image using C# Code.
Hi, I have a forensic image of a hard drive that was created using the DD command line program (also know as GNU DD). The DD program, which is commonly used in Linux and Unix, basically creates a raw image of the media. The raw DD image has a .001 file extension.
So, I have the image and I would like to write C# code to read that image back (or mount the image) and recreate the directory / file structure, so I can read and examine the file therein.
I know that there are A LOT of commercial choices available, some of which are free. - Being able to read the image is not the objective. My objective is being able to write the code that can read the image and that can recreate the file structure.
I'd like to create a small application that I can browse to the DD image, select it, and "mount" it in a "tree pane" type of window. This is the first part of a much bigger project, but without this part, the rest of the project is pointless.
Does anyone have any insight into working with DD images or an approach to reading (mounting) a raw image file using C# code? (By image I mean it in the context of a "raw disk image", not a picture image, such as a .JPG or .GIF, etc.)
Would I have to implement something like the Mount method of the Msvm_ImageManagementServic
Any advice of how to approach this code would be very helpful.
And as always, your advice is greatly appreciated!
Fulano
So, I have the image and I would like to write C# code to read that image back (or mount the image) and recreate the directory / file structure, so I can read and examine the file therein.
I know that there are A LOT of commercial choices available, some of which are free. - Being able to read the image is not the objective. My objective is being able to write the code that can read the image and that can recreate the file structure.
I'd like to create a small application that I can browse to the DD image, select it, and "mount" it in a "tree pane" type of window. This is the first part of a much bigger project, but without this part, the rest of the project is pointless.
Does anyone have any insight into working with DD images or an approach to reading (mounting) a raw image file using C# code? (By image I mean it in the context of a "raw disk image", not a picture image, such as a .JPG or .GIF, etc.)
Would I have to implement something like the Mount method of the Msvm_ImageManagementServic
Any advice of how to approach this code would be very helpful.
And as always, your advice is greatly appreciated!
Fulano
David Johnson, CD
c++ is what is needed here. you have to query each sector and attemp to idenify the file system used and build a virtual filesystem.
ASKER
Hi David, thank for the advice. Unfortunately, I'm not very versed in C++ and learning it would be an uphill climb. I know a little, which is just enough to get myself into a mess...
However, let me ask you why you think C++ is my only option. Why not C#? Could you shed some light on your thinking regarding this matter?
Thanks,
Fulano
However, let me ask you why you think C++ is my only option. Why not C#? Could you shed some light on your thinking regarding this matter?
Thanks,
Fulano
ASKER
David, perhaps my questions is vague...so let me rephrase it.
You stated that I need to:
a). use C++,
b). query each sector,
c). identify the file system
d). build a virtual file system.
OK, so we know a DD Image is a sector by sector copy of the subject media. We also know we need to recreate or "build" a virtual file system from the DD image...So the only thing you've said that we didn't already know is that I would need to use C++.
OK, my questions regarding your suggestion are:
1). Why C++?
2). Do you have any examples, tutorials, articles, or documentation to support your suggestion that would help me further my project?
Thanks,
Fulano
You stated that I need to:
a). use C++,
b). query each sector,
c). identify the file system
d). build a virtual file system.
OK, so we know a DD Image is a sector by sector copy of the subject media. We also know we need to recreate or "build" a virtual file system from the DD image...So the only thing you've said that we didn't already know is that I would need to use C++.
OK, my questions regarding your suggestion are:
1). Why C++?
2). Do you have any examples, tutorials, articles, or documentation to support your suggestion that would help me further my project?
Thanks,
Fulano
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you David. I was afraid that would be the case. I understand the issue with the low level languages and understand your explanation. I was hoping I could do it with C#, but that doesn't seem to be a possibility.
The disk format part is not an issue. I understand that part of it quite well. The "how to convert the sectors into a readable tree structure" is the part I'm struggling with.
Thanks for the help.
Fulano
The disk format part is not an issue. I understand that part of it quite well. The "how to convert the sectors into a readable tree structure" is the part I'm struggling with.
Thanks for the help.
Fulano
ASKER
Good advice.