llewxam

VHD footer

1 post in this topic

I have been putting together some forensic drive tools for quite some time, off and on for about 2 years.  I recently started up on it again and decided that I would rather have a native function to create a VHD footer instead of bundling and calling VhdTool or other apps, so sat down with Microsoft's reference and put this together.  This has been GUI-fied for use as a standalone tool as I am still a long way from being happy with the full suite of tools in development.

Obviously if you are reading this you should know, but to explain the purpose, if you have made a forensic image of a hard drive and want to mount it or use it as a virtual hard drive in a virtual machine, you cannot just use the forensic image as-is.  The footer that is needed is 512 bytes appended to the image and contains various items used to verify the image.  Some of Microsoft's documentation was pretty poor, but after about 8 hours of poking at it this tool is working great.  The only oddity I have noticed is that following the equations given for calculating the drive geometry, the virtual shows up as having slightly less space than the original drive when it was imaged.  I seem to not be alone in this as I saw several posts online from the folks who make QEMU discussing the same thing.  I have the cylinder count rounding up rather than down to make a tiny correction (seems that VhdTool uses Floor, I use Ceiling) but I didn't want to tamper with things too much with the CHS calculation.

Enjoy

Ian

footer3_gui.au3

1 person likes this

My projects:

  • IP Scanner - Multi-threaded ping tool to scan your available networks for used and available IP addresses, shows ping times, resolves IPs into host names, and allows individual IPs to be pinged.
  • INFSniff - Great technician's tool - a tool which scans DriverPacks archives for INF files and parses out the HWIDs to a database file, and rapidly scans the local machine's HWIDs, searches the database for matches, and installs them.
  • PPK3 (Persistent Process Killer V3) - Another for the techs - suppress running processes that you need to keep away, helpful when fighting spyware/viruses.
  • Sync Tool - Folder sync tool with lots of real time information and several checking methods.
  • USMT Front End - Front End for Microsoft's User State Migration Tool, including all files needed for USMT 3.01 and 4.01, 32 bit and 64 bit versions.
  • Audit Tool - Computer audit tool to gather vital hardware, Windows, and Office information for IT managers and field techs. Capabilities include creating a customized site agent.
  • CSV Viewer - Displays CSV files with automatic column sizing and font selection. Lines can also be copied to the clipboard for data extraction.
  • MyDirStat - Lists number and size of files on a drive or specified path, allows for deletion within the app.
  • 2048 Game - My version of 2048, fun tile game.
  • Juice Lab - Ecigarette liquid making calculator.
  • Data Protector - Secure notes to save sensitive information.
  • VHD Footer - Add a footer to a forensic hard drive image to allow it to be mounted or used as a virtual machine hard drive.
  • Find in File - Searches files containing a specified phrase.
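
An added example, not part of llewxam's post or of footer3_gui.au3: a Python implementation of the fixed-disk footer layout and CHS algorithm from Microsoft's VHD specification, with a switch to compare floor and ceiling cylinder counts. The `demo` creator tag, the `round_up` parameter and the helper names are assumptions made for illustration.

```python
import struct, time, uuid

SECTOR = 512
VHD_EPOCH = 946684800  # 2000-01-01 00:00:00 UTC, the footer's timestamp base

def chs(total_sectors, round_up=False):
    """CHS geometry following the VHD specification's algorithm.
    round_up=True takes the ceiling of the cylinder count (assumed variant)."""
    ts = min(total_sectors, 65535 * 16 * 255)
    if ts >= 65535 * 16 * 63:
        spt, heads = 255, 16
    else:
        spt = 17
        heads = max(4, (ts // spt + 1023) // 1024)
        if ts // spt >= heads * 1024 or heads > 16:
            spt, heads = 31, 16
        if ts // spt >= heads * 1024:
            spt, heads = 63, 16
    per_cyl = spt * heads
    cyl = -(-ts // per_cyl) if round_up else ts // per_cyl
    return min(cyl, 65535), heads, spt

def footer(size_bytes, round_up=False, uid=None, ts=None):
    """Build the 512-byte footer for a fixed VHD (all fields big-endian)."""
    if size_bytes <= 0 or size_bytes % SECTOR:
        raise ValueError("image size must be a positive multiple of 512")
    c, h, s = chs(size_bytes // SECTOR, round_up)
    stamp = int(time.time() if ts is None else ts) - VHD_EPOCH
    head = struct.pack(
        ">8sIIQI4sI4sQQHBBI",
        b"conectix", 2, 0x00010000,      # cookie, features, format version
        0xFFFFFFFFFFFFFFFF, stamp,       # data offset (fixed disk), timestamp
        b"demo", 0x00010000, b"Wi2k",    # creator app (placeholder), version, host OS
        size_bytes, size_bytes,          # original size, current size
        c, h, s, 2)                      # geometry, disk type 2 = fixed
    uid = (uid or uuid.uuid4()).bytes
    body = head + b"\0" * 4 + uid + b"\0" * 428  # zeroed checksum, id, state+reserved
    csum = ~sum(body) & 0xFFFFFFFF       # one's complement of the byte sum
    return body[:64] + struct.pack(">I", csum) + body[68:]

def verify(f):
    """Re-check length, cookie and checksum of a footer."""
    if len(f) != 512:
        return False
    stored = struct.unpack_from(">I", f, 64)[0]
    calc = ~sum(f[:64] + f[68:]) & 0xFFFFFFFF
    return f[:8] == b"conectix" and stored == calc

def chs_sectors(total_sectors, round_up=False):
    c, h, s = chs(total_sectors, round_up)
    return c * h * s                     # sectors addressable through CHS
```

For a constructed 1,000,000-sector image, the floor geometry addresses 999,936 sectors and the ceiling geometry 1,000,944, so neither matches the image size exactly.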
