Hello to all,
I'm using the foremost tool to keep files from a vmdk file. (It is an experiment for my thesis work). The problem is that the tool also retrieves the default windows 10 images. Is there a way to prevent wondows 10 default images from appearing?
Have you tried modifying the configuration file?
Have you tried modifying the configuration file?
No, i'm new with this tool.
Can you help me?
Another question.
I am currently using a vmdk file. Is it correct or should I first convert it to raw?
https://
https://
https://
www.systutorials.com/docs/linux/man/8-foremost/ https://
wiki.archlinux.org/index.php/Foremost
Thanks, but not work….
Is it good practice to analyze the vmdk file directly? Or is it better to convert it to a raw format?
Is it good practice to analyze the vmdk file directly? Or is it better to convert it to a raw format?
Ok, you actually asked for it.
The answer is "it depends".
It depends on which specific (among the zillion available ones) format of vmdk is used and how (exactly) the image is created and populated.
Here is an overview of vmdk formats, some are EXACTLY the same as a RAW image, some are very unlike it
http//
http//
See also
https://
About your original question
Hello to all,
I'm using the foremost tool to keep files from a vmdk file. (It is an experiment for my thesis work). The problem is that the tool also retrieves the default windows 10 images. Is there a way to prevent wondows 10 default images from appearing?
I cannot understand it, can you try better explaining what is the issue at hand?
What do you mean by "keep files"?
What do you mean by "default windows 10 images"?
Do you mean the pictures (image files such as .png, .bmp and .jpg) that are included in a "default" Windows 10 install?
jaclaz
Is it good practice to analyze the vmdk file directly? Or is it better to convert it to a raw format?
Ok, you actually asked for it.
The answer is "it depends".
It depends on which specific (among the zillion available ones) format of vmdk is used and how (exactly) the image is created and populated.
Here is an overview of vmdk formats, some are EXACTLY the same as a RAW image, some are very unlike it
http//sanbarrow.com/vmdk-handbook.html
http//sanbarrow.com/vmdk-basics.html#sparseandflat See also
https://
github.com/libyal/libvmdk/blob/master/documentation/VMWare%20Virtual%20Disk%20Format%20(VMDK).asciidoc I cannot understand it, can you try better explaining what is the issue at hand?
What do you mean by "keep files"?
What do you mean by "default windows 10 images"?
Do you mean the pictures (image files such as .png, .bmp and .jpg) that are included in a "default" Windows 10 install?jaclaz
Yes, default image included in Windows 10 install.
Yes, default image included in Windows 10 install.
Easiest - assuming that you won't need to boot the image again (let's start calling "image" the actual filesystem image - the .vmdk - and "pictures" the image files such as .jpg, etc.) would be to fill the picture files with 00's, they will still appear as files but they won't be carved by foremost anymore as pictures.
jaclaz