Jump to content

VHD Mount

llewxam

By llewxam,
in AutoIt Example Scripts

 Share

Recommended Posts

llewxam Universalist

llewxam

Posted
Posted

In my never-ending quest to help people recover data from failing hard drives I am constantly trying new things. My most recent way of handling the REALLY ugly situations has been to create a forensic image of the failing drive with WinHex, and when the drives are REALLY bad I hook them up with a USB bridge that seems to have its own timeout for bad sectors and again turn to WinHex. The only bummer is that I am a big fan of BinaryBiz VirtualLab but that can not open the RAW images created by WinHex. R-Studio does fine, and is OK, but I just prefer VirtualLab....

So I got to thinking and started investigating software to mount the RAW images and almost got locked in to another for-pay piece of software to do it when I came across the fact that Windows 7 can mount it using DiskPart. A few experiments later I have what I bring you now - a very quick, and FREE, way to mount those images using native a Windows utility.

;~ Convert a RAW hard drive image to a VHD image, then mount it via DiskPart for data recovery.  Readonly is used to ensure that no corruption of the image is allowed to happen.

;~ Coded by Ian Maxwell (llewxam @ www.autoitscript/forum)
;~ Autoit 3.3.6.1

;~ You must have VhdTool.exe in the script dir to run/compile, please download it at http://archive.msdn.microsoft.com/vhdtool


;~ ensure minimum OS build, this feature is not available on OSs older than Windows 7
#RequireAdmin
If @OSBuild < 7600 Then
MsgBox(16, "ERROR", "You must have at least Windows 7 to support loading VHD images via DiskPart.")
Exit
Else
FileInstall("VhdTool.exe", @TempDir & "\VhdTool.exe", 1)
EndIf

$RawImage = FileOpenDialog("Select the original RAW hard drive image", @DesktopDir, "All (*.*)")
$YesOrNo = MsgBox(4 + 32, "Convert?", "Do you need to convert this image to a VHD?" & @CR & "(This only needs to be done once)")
If $YesOrNo == 6 Then
ShellExecuteWait(@TempDir & "\VhdTool.exe", "/convert " & $RawImage & " /quiet")
EndIf

;~ build the list of functions for DiskPart to use for mounting the image and setting the readonly flag
FileDelete(@TempDir & "\mount.txt")
$Mount = FileOpen(@TempDir & "\mount.txt", 1)
FileWriteLine($Mount, "sel vdisk file='" & $RawImage & "'")
FileWriteLine($Mount, "attach vdisk")
FileWriteLine($Mount, "attributes disk set readonly")
FileClose($Mount)
ShellExecuteWait("diskpart.exe", "/s " & @TempDir & "\mount.txt")

;~ build the list of functions for DiskPart to use for unmounting the image
FileDelete(@TempDir & "\unmount.txt")
$Unmount = FileOpen(@TempDir & "\unmount.txt", 1)
FileWriteLine($Unmount, "sel vdisk file='" & $RawImage & "'")
FileWriteLine($Unmount, "detach vdisk")
FileClose($Unmount)

;~ place a shortcut on the desktop for the unmounting of the image
FileDelete(@DesktopDir & "\Unmount Virtual Disk.bat")
$Batch = FileOpen(@DesktopDir & "\Unmount Virtual Disk.bat", 1)
FileWriteLine($Batch, "diskpart /s " & @TempDir & "\unmount.txt")
FileClose($Batch)

MsgBox(0, "Done", "Your image has been mounted.  To unmount the image use the Unmount Virtual Disk.bat file placed on your desktop.")

I have not added any error checking, as it has simply not failed yet. :D OK, horrible reason I am the first to admit, but if there is enough interest in this then I will pursue it by catching the StdOut. For now, consider this a taste of things on my mind......

Enjoy

Ian

My projects:

  • IP Scanner - Multi-threaded ping tool to scan your available networks for used and available IP addresses, shows ping times, resolves IPs in to host names, and allows individual IPs to be pinged.
  • INFSniff - Great technicians tool - a tool which scans DriverPacks archives for INF files and parses out the HWIDs to a database file, and rapidly scans the local machine's HWIDs, searches the database for matches, and installs them.
  • PPK3 (Persistent Process Killer V3) - Another for the techs - suppress running processes that you need to keep away, helpful when fighting spyware/viruses.
  • Sync Tool - Folder sync tool with lots of real time information and several checking methods.
  • USMT Front End - Front End for Microsoft's User State Migration Tool, including all files needed for USMT 3.01 and 4.01, 32 bit and 64 bit versions.
  • Audit Tool - Computer audit tool to gather vital hardware, Windows, and Office information for IT managers and field techs. Capabilities include creating a customized site agent.
  • CSV Viewer - Displays CSV files with automatic column sizing and font selection. Lines can also be copied to the clipboard for data extraction.
  • MyDirStat - Lists number and size of files on a drive or specified path, allows for deletion within the app.
  • 2048 Game - My version of 2048, fun tile game.
  • Juice Lab - Ecigarette liquid making calculator.
  • Data Protector - Secure notes to save sensitive information.
  • VHD Footer - Add a footer to a forensic hard drive image to allow it to be mounted or used as a virtual machine hard drive.
  • Find in File - Searches files containing a specified phrase.
Link to comment
Share on other sites
storme Universalist

storme

Posted
Posted

Looks interesting. I've Never used winhex before, but after a quick Google it does look interesting. :D

I've always just used "getdataback" the only failures I've had the drive has been physically damaged.

We have a data recovery expert in the area so if it gets that back I send people his way.

However next time I get one that GDB can't get into I'll try winhex..... and I'll have another look when I have seom more time.... it does look interesting.

Thanks

John Morrison

Some of my small contributions to AutoIt Browse for Folder Dialog - Automation SysTreeView32 | FileHippo Download and/or retrieve program information | Get installedpath from uninstall key in registry | RoboCopy function John Morrison aka Storm-E

Link to comment
Share on other sites
llewxam Universalist

llewxam

Posted
  • Author
Posted

Yeah, please do. I am also looking at other free apps for making forensic images but haven't used them when it matters yet. DrDD is the one most interesting to me at the moment, but WinHex is not too expensive.

Tip: When making your image, hook the failing drive up to a machine that you can disable SMART in the BIOS, and try a USB to SATA/IDE adapter if the drive is so bad that WinHex locks up. I'll have to find the chipset of the one I use, it was a cheap thing, nothing special, but I have found it to improve the fault tolerance a LOT. I recently did a data recovery for a guy from Saudi Arabia visiting the US as part of a military training program whose hard drive died, the image took 12 days to complete because the drive was so bad, but I recovered 45GB of data! Cool stuff.

Ian

My projects:

  • IP Scanner - Multi-threaded ping tool to scan your available networks for used and available IP addresses, shows ping times, resolves IPs in to host names, and allows individual IPs to be pinged.
  • INFSniff - Great technicians tool - a tool which scans DriverPacks archives for INF files and parses out the HWIDs to a database file, and rapidly scans the local machine's HWIDs, searches the database for matches, and installs them.
  • PPK3 (Persistent Process Killer V3) - Another for the techs - suppress running processes that you need to keep away, helpful when fighting spyware/viruses.
  • Sync Tool - Folder sync tool with lots of real time information and several checking methods.
  • USMT Front End - Front End for Microsoft's User State Migration Tool, including all files needed for USMT 3.01 and 4.01, 32 bit and 64 bit versions.
  • Audit Tool - Computer audit tool to gather vital hardware, Windows, and Office information for IT managers and field techs. Capabilities include creating a customized site agent.
  • CSV Viewer - Displays CSV files with automatic column sizing and font selection. Lines can also be copied to the clipboard for data extraction.
  • MyDirStat - Lists number and size of files on a drive or specified path, allows for deletion within the app.
  • 2048 Game - My version of 2048, fun tile game.
  • Juice Lab - Ecigarette liquid making calculator.
  • Data Protector - Secure notes to save sensitive information.
  • VHD Footer - Add a footer to a forensic hard drive image to allow it to be mounted or used as a virtual machine hard drive.
  • Find in File - Searches files containing a specified phrase.
Link to comment
Share on other sites
  • 3 years later...
  • Moderators
Melba23 Universalist

Melba23

Posted
  • Moderators
Posted (edited)

EugeneMorris,

We do not accept advertising for payware products - please do not do it again. :)

M23

Edited by Melba23
Typo

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Link to comment
Share on other sites
llewxam Universalist

llewxam

Posted
  • Author
Posted

LOL, especially as one of the main points was relying on VHDTool to add a footer which I have since written myself.  '?do=embed' frameborder='0' data-embedContent>>

Hooray for native AutoIt, free, and open-source!

Ian

My projects:

  • IP Scanner - Multi-threaded ping tool to scan your available networks for used and available IP addresses, shows ping times, resolves IPs in to host names, and allows individual IPs to be pinged.
  • INFSniff - Great technicians tool - a tool which scans DriverPacks archives for INF files and parses out the HWIDs to a database file, and rapidly scans the local machine's HWIDs, searches the database for matches, and installs them.
  • PPK3 (Persistent Process Killer V3) - Another for the techs - suppress running processes that you need to keep away, helpful when fighting spyware/viruses.
  • Sync Tool - Folder sync tool with lots of real time information and several checking methods.
  • USMT Front End - Front End for Microsoft's User State Migration Tool, including all files needed for USMT 3.01 and 4.01, 32 bit and 64 bit versions.
  • Audit Tool - Computer audit tool to gather vital hardware, Windows, and Office information for IT managers and field techs. Capabilities include creating a customized site agent.
  • CSV Viewer - Displays CSV files with automatic column sizing and font selection. Lines can also be copied to the clipboard for data extraction.
  • MyDirStat - Lists number and size of files on a drive or specified path, allows for deletion within the app.
  • 2048 Game - My version of 2048, fun tile game.
  • Juice Lab - Ecigarette liquid making calculator.
  • Data Protector - Secure notes to save sensitive information.
  • VHD Footer - Add a footer to a forensic hard drive image to allow it to be mounted or used as a virtual machine hard drive.
  • Find in File - Searches files containing a specified phrase.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...