soleil wrote:
Hello everybody,
i need to analyze a .vdi image. i tried to import it in virtualbox but boot told me about this error " error loading operating system"...
Do you know if a special tool can give me the chance to explore a .vdi image?
Thank you
Wait a minute.
If you want to analyze a .vdi, the thing that you NOT do is attempting to boot from it.
But you may well boot in the VM a LiveCD of some kind, using the .vdi as non-boot hard disk.
There are two "main" .vdi format "fixed size" and "dinamycally expanding".
The first is just a RAW image with a header of several sector, the header + the mapping and some padding:
https://forums.virtualbox.org/viewtopic.php?t=8046
Typically you can access volumes inside a .vdi "fixed size" disk images on Windows by mounting the volume in IMDISK (i.e. providing manually the offset to the volume bootsector).
http://reboot.pro/topic/2220-image-file-offset/?p=14502
but recent version of IMDISK support all versions of .vdi through Discutils.
Under Linux you can use (examples):
http://www.linuxharbour.com/mounting-virtualbox-vdi-image-file/
http://www.mimamau.de/stuff/mount_vdi_linux.htm
The approach that makes more sense (IMHO) if the scope is a forensic examination is to use VboxManage to clone the image converting it to RAW:
https://www.virtualbox.org/manual/ch08.html#vboxmanage-clonevdi
jaclaz
↧