How to mount disk images for viewing and editing files (SOLVED)
How to view information about disk images. How to determine the file system of disk images
You can use the file command to analyze which file system is used in files that are disk images.
An example of checking the test.image file:
/mnt/disk_d/test.image: ISO 9660 CD-ROM filesystem data 'ARCH_202010' (bootable)
This is an ISO image.
An example of analyzing the disk.ntfs image:
/mnt/disk_d/disk.ntfs: DOS/MBR boot sector, code offset 0x52+2, OEM-ID "NTFS ", sectors/cluster 8, Media descriptor 0xf8, sectors/track 63, heads 255, dos < 4.0 BootSector (0x0), FAT (1Y bit by descriptor); NTFS, sectors/track 63, physical drive 0x80, sectors 15654911, $MFT start cluster 786432, $MFTMirror start cluster 2, bytes/RecordSegment 2^(-1*246), clusters/index block 1, serial number 06258074758071a05; contains bootstrap BOOTMGR
As you can see, this is an image with the NTFS file system.
Checking the rootfs.sfs image:
/mnt/disk_d/rootfs.sfs: Squashfs filesystem, little endian, version 4.0, zstd compressed, 625010200 bytes, 58466 inodes, blocksize: 262144 bytes, created: Sat Jun 6 08:14:32 2020
This is a Squashfs file system image.
Analysis of the ext3-img-kw-1.dd image:
/mnt/disk_d/ext3-img-kw-1.dd: Linux rev 1.0 ext3 filesystem data, UUID=e2307119-024a-427f-bd74-dbe8a95687a6, volume name "KW_SEARCH"
This is an ext3 file system image.
To practice mounting image files, you can create images yourself, for example by cloning a flash drive like this:
sudo dd if=/dev/sdc of=/mnt/disk_d/disk.ntfs
In this command, the dd utility reads the contents of the /dev/sdc disk and saves it to the /mnt/disk_d/disk.ntfs file. Remember that dd does not read files, but bytes from the entire disk. Therefore, the resulting image will be equal in size to the disk (partition) from which it was made, regardless of how full that disk is. That is, if a flash drive is 8 Gigabytes in size and nothing is written on it, you will still get an 8 Gigabyte image.
You can also go to the page http://dftt.sourceforge.net/ - there are links to tutorials from which you can download images of a variety of file systems.
How to mount a disk (partition) image file
The general view of the command to mount image files is as follows:
mount OPTIONS IMAGE DIRECTORY
- OPTIONS – mount utility options or mount options
- IMAGE – a file with a disk image
- DIRECTORY – folder where files from the mounted device will be available
In fact, the syntax for mounting images with mount differs from mounting a disk only in that the path to the IMAGE is specified instead of a DEVICE. Specifying OPTIONS is optional; the file system type will be determined automatically.
For example, suppose you need to mount the disk image disk.ntfs located at the path /mnt/disk_d/disk.ntfs.
Let's start by creating a temporary mount point in /tmp:
Mount the /mnt/disk_d/disk.ntfs image to the /tmp/disk folder:
sudo mount /mnt/disk_d/disk.ntfs /tmp/disk
Let's look at the contents of the disk.ntfs image:
ls -l /tmp/disk
We can see the files located in the disk.ntfs image; they can be opened and copied.
Some file systems (e.g. ISO images) are read-only. But in this case, we can write any changes to the /tmp/disk folder, and they are saved in the disk.ntfs file even after unmounting and re-mounting disk.ntfs.
You can use any of the following commands to unmount the image:
sudo umount /PATH/TO/IMAGE
sudo umount /MOUNT/POINT/
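The two steps above (identify the file system, then mount the image), as an added shell example that is not part of the original article: detect_fs reads the same on-disk signatures that file reports, and ro_mount_cmd prints, without running it, a mount command that leaves the image unmodified. The function names are hypothetical, and the FAT check is a heuristic based on the boot-sector type string.

```sh
#!/bin/sh
# Added example (not from the article): identify a disk image by its on-disk
# signature, then print a mount command that cannot modify the image.
# read_at, detect_fs and ro_mount_cmd are hypothetical helper names.

# read_at FILE OFFSET COUNT -> COUNT bytes at OFFSET as lowercase hex
read_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# detect_fs FILE -> iso9660 | squashfs | ntfs | ext | vfat | unknown
detect_fs() {
    img=$1
    # ISO 9660: "CD001" at byte 32769 (volume descriptor in sector 16, offset 1).
    # Checked first because hybrid installation ISOs also start with an MBR.
    [ "$(read_at "$img" 32769 5)" = "4344303031" ] && { echo iso9660; return; }
    # SquashFS, little endian: "hsqs" at byte 0
    [ "$(read_at "$img" 0 4)" = "68737173" ] && { echo squashfs; return; }
    # NTFS: OEM-ID "NTFS    " at byte 3 of the boot sector
    [ "$(read_at "$img" 3 8)" = "4e54465320202020" ] && { echo ntfs; return; }
    # ext2/3/4: magic 0xEF53 (stored 53 ef) at byte 1080 (superblock 1024 + 56)
    [ "$(read_at "$img" 1080 2)" = "53ef" ] && { echo ext; return; }
    # FAT (heuristic): boot signature 55 aa at byte 510 plus "FAT" in the
    # type string at byte 54 (FAT12/16) or byte 82 (FAT32)
    if [ "$(read_at "$img" 510 2)" = "55aa" ]; then
        [ "$(read_at "$img" 54 3)" = "464154" ] && { echo vfat; return; }
        [ "$(read_at "$img" 82 3)" = "464154" ] && { echo vfat; return; }
    fi
    echo unknown
}

# ro_mount_cmd FILE DIR -> prints a read-only mount command for FILE
ro_mount_cmd() {
    # ro: no writes; noexec/nosuid/nodev: nothing inside the image can run,
    # gain privileges or act as a device node on the examining host
    opts="ro,loop,noexec,nosuid,nodev"
    # ext3/ext4 try to replay the journal even with "ro"; "noload" skips it
    [ "$(detect_fs "$1")" = "ext" ] && opts="$opts,noload"
    printf "sudo mount -o %s '%s' '%s'\n" "$opts" "$1" "$2"
}
```

For an image that must stay byte-identical, such as a copy taken for analysis, use the printed command instead of the plain mount shown earlier, which leaves disk.ntfs writable.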
An example of viewing the contents of images using mount
For practice, let's take an installation image of a Linux distribution. These images are interesting because they can contain several image files with different file systems at once. Let's take a look at the contents of the Manjaro installation CD, for example.
Let's create a folder for mounting:
My installation disk is located at the path /mnt/disk_d/Share/manjaro-kde-20.0.3-200606-linux56.iso, and I will mount it in /tmp/iso, so the command is as follows:
sudo mount /mnt/disk_d/Share/manjaro-kde-20.0.3-200606-linux56.iso /tmp/iso
The following message was received:
mount: /tmp/iso: WARNING: source write-protected, mounted read-only.
It means that the mount was done, but the source is write-protected, so the disk is read-only. Remember that subsequent mounts of files from this image may be formally writable, but since the initial store is read-only, any changes made will not be saved.
Let's see the contents of the installation disk:
ls -l /tmp/iso
Among other things, there is a file efi.img. Let's check what file system it has:
/tmp/iso/efi.img: DOS/MBR boot sector, code offset 0x3c+2, OEM-ID "mkfs.fat", sectors/cluster 4, root entries 512, sectors 8192 (volumes <=32 MB), Media descriptor 0xf8, sectors/FAT 6, sectors/track 32, heads 64, serial number 0xf3278f27, label: "MISO_EFI ", FAT (12 bit)
It looks like it's FAT.
We can see the contents of this file. Let's create a mount point for it:
And mount the file /tmp/iso/efi.img to the /tmp/efi folder:
sudo mount /tmp/iso/efi.img /tmp/efi
Now the contents of this file are available to us:
ls -l /tmp/efi
Let's go back to our mounted ISO image and see the contents of the manjaro/x86_64/ folder:
ls -l /tmp/iso/manjaro/x86_64/
Tiny files with a .md5 extension are just checksums. But the files desktopfs.sfs, livefs.sfs, mhwdfs.sfs, and rootfs.sfs are more interesting. They contain the main files required for the LIVE image to work and to install the Linux distribution.
We can view the contents of these files. Let's say we are interested in desktopfs.sfs.
Create a new temporary mount point for it:
And mount the /tmp/iso/manjaro/x86_64/desktopfs.sfs file to the /tmp/desktopfs folder:
sudo mount /tmp/iso/manjaro/x86_64/desktopfs.sfs /tmp/desktopfs
Let's look at the contents of the desktopfs.sfs file:
ls -l /tmp/desktopfs
You can mount and examine the contents of other .sfs images on this installation disk yourself. Alternatively, you can download the Linux Mint installation disc for self-guided exercise. There, the file system image is located in the casper/filesystem.squashfs file.
As for the Kali Linux installation disk, the distribution maintainers did not use images there, but simply placed the files inside the iso9660 filesystem, so it is not as interesting to explore.