> For the complete documentation index, see [llms.txt](https://wongkenny240.gitbook.io/computerforensics/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://wongkenny240.gitbook.io/computerforensics/others/mounting-an-image-to-a-vm.md). # Mounting an image ## FTK Imager For this case I'll use a VMware Workstation for Windows and VirtualBox for Linux as a virtualization platforms. ### Windows Part 1. Open FTK Imager and mount the .e01 image as a **physical** (only) device in **Writable** mode ![](https://habrastorage.org/webt/lb/c6/lv/lbc6lvyxg1ezhi-lvzhv4bw4_uq.gif) 1. Notice a resulting device name. In this case it's a **PhysicalDrive3** 2. Open VMware Workstation and create a new VM, but **don't create a virtual disk** (or remove one if exist). You have to choose **Use a Physical Disk** in Virtual Machine Setting or add a new virtual disk as primary to the existing VM. You remember that our .e01 image is **PhysicalDrive3** now ![](https://habrastorage.org/webt/dp/4a/6f/dp4a6fqh_24o4ze2lbnv8xybvpi.gif) 1. So, you just need to start a VM and watching some IT magic ![](https://habrastorage.org/webt/tl/k8/ad/tlk8adlpbniuw69wvv5msg6pa_g.gif) ## Arsenal Image Mounter ![Mount disk image](/files/-MEx66h5XuwhuxYTLizR) 1. Select Mount disk image and select the file you want to mount 2. I usually select **Write temporary disk device** ![](/files/-MEx6ScqpfemaLKB6wMk) *Note: This is useful to unlock physical image of Windows 10 by mounting the physical image in a Windows 10 environment.* ## Linux Part (SIFT) 1. The mostly typical tool using to attach .e01 images is ewfmount.py script. But there is a one hard limitation — this image being attached in **Read-only mode**. It's inappropriate for virtual machine. Therefore we'll use **xmount** command like: ``` sudo xmount --in ewf --cache --out vdi ``` The main features of xmount for us — it mounts the image in Read-Write mode and it can take a lot of image types on input. You can check for xmount syntax [here](https://github.com/mika/xmount/blob/master/README). ![](https://habrastorage.org/webt/cf/lt/p7/cfltp73nepf_wxuf5gcph_vif98.gif) 1. Ok, now we have a .vdi image in /mnt/windows\_mount 2. Let's open a VirtualBox and create a new VM with our .vdi image (choose existing disk) as a primary disk ![](https://habrastorage.org/webt/l4/ly/fd/l4lyfdkcsloromsy4ilflmntqxi.gif) 1. Finally just boot up the VM and enjoy! ![](https://habrastorage.org/webt/df/5m/mc/df5mmcf7s2rotceezw8htzgs0ui.gif) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://wongkenny240.gitbook.io/computerforensics/others/mounting-an-image-to-a-vm.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.