1) Install QEMU, a program that can convert VMware VMDK disks to the RAW format
that is used as input to forensics programs (including Autopsy).
The command for that is:
$ yum install qemu (remember to enable networking on the CERT virtual machine if it is not on).
2) Execute $ qemu-img convert -O raw linux.vmdk raw-linux.bin
(run this from the shared folders directory; "linux.vmdk" is the infected VM disk)
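The two steps above wrapped with integrity checks, as an added example that is not part of the original post: it hashes the VMDK before conversion, confirms the source is unchanged afterwards, then hashes and write-protects the raw output. The manifest name evidence.sha256 and the function names are assumptions; the disk file names are the post's.

```shell
#!/bin/sh
# Added example: hash-verified wrapper around the qemu-img conversion step.
# The manifest file name and all function names are assumptions.

MANIFEST="${MANIFEST:-evidence.sha256}"

# Append "<sha256>  <path>" for one file to the manifest.
record_hash() {
    sha256sum "$1" >> "$MANIFEST"
}

# Re-hash every file listed in the manifest; non-zero if any has changed.
verify_manifest() {
    sha256sum -c "$MANIFEST" >/dev/null
}

# Convert a VMDK to raw without touching the original evidence file.
convert_evidence() {
    src="$1"; dst="$2"
    if [ -e "$dst" ]; then
        echo "refusing to overwrite $dst" >&2; return 3
    fi
    if ! command -v qemu-img >/dev/null 2>&1; then
        echo "qemu-img not installed" >&2; return 2
    fi
    record_hash "$src"                 # hash of the source before conversion
    qemu-img info "$src"               # report detected format and virtual size
    # -f vmdk states the input format explicitly instead of relying on probing
    qemu-img convert -f vmdk -O raw "$src" "$dst" || return 4
    if ! verify_manifest; then         # source must still match its first hash
        echo "source changed during conversion" >&2; return 5
    fi
    record_hash "$dst"                 # hash of the raw image given to Autopsy
    chmod a-w "$dst"                   # analysis tools only need read access
}

# Usage: sh convert.sh linux.vmdk raw-linux.bin
if [ "$#" -eq 2 ]; then
    convert_evidence "$1" "$2"
fi
```

Run verify_manifest again at any later point to confirm that neither the VMDK nor the raw image has changed since conversion.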