After learning howto create a disk image (acquire disk image), we need to know how to mount this files and use it for further analysis.
Image mounting involves mounting the evidence disk image on the local system so the data on the disk can be analyzed and inspected.
In this lab, an evidence hard disk image is present on an external disk mounted on ‘/dev/sdc’. The dd tools are installed on the lab machine. Also, a flag file is kept in the /root directory of the disk image filesystem.
Objective: Mount the evidence disk image and retrieve the flag!
First let’s check if /dev/sdc is mounted
I’ll change the directory to /mnt/evidence
From there I’ll copy the evidence.img file to the root directory
cp evidence.img /root
file evidence.img
From here we’ll create a directory called «analysis»
mkdir analysis
mount evidence.img /analysis
df -h
cd /analysis/root
cat flag.txt
Schreib einen Kommentar