What is xmount?
xmount allows you to convert on-the-fly between multiple input and output hard disk image types. xmount creates a virtual file system using FUSE (Filesystem in Userspace) that contains a virtual representation of the input image. The virtual representation can be in raw DD, DMG, VHD, VirtualBox's virtual disk file format or in VMware's VMDK file format. Input images can be raw DD, EWF (Expert Witness Compression Format) or AFF (Advanced Forensic Format) files. In addition, xmount also supports virtual write access to the output files; writes are redirected to a cache file. This makes it possible to boot acquired hard disk images using QEMU, KVM, VirtualBox, VMware or similar tools.
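The write redirection described above, sketched as an added example (this is not xmount's code or its cache file format): reads fall through to a base image that is only ever read, while writes land in a separate block cache. The class name, the 512-byte block size and the in-memory dict standing in for the cache file are assumptions of this sketch.

```python
import hashlib
import io

BLOCK = 512  # block size chosen for this sketch, not taken from xmount

class CowView:
    """Virtual image: reads fall through to the base, writes land only in the cache."""
    def __init__(self, base, size):
        self.base, self.size = base, size  # base: seekable binary file, only ever read
        self.cache = {}                    # block number -> bytearray (stands in for the cache file)

    def _block(self, idx):
        if idx in self.cache:              # a block written earlier wins over the base
            return bytes(self.cache[idx])
        self.base.seek(idx * BLOCK)
        return self.base.read(BLOCK).ljust(BLOCK, b"\0")

    def _spans(self, offset, size):
        """Yield (block, offset-in-block, length) pieces covering the byte range."""
        while size > 0:
            idx, off = divmod(offset, BLOCK)
            n = min(BLOCK - off, size)
            yield idx, off, n
            offset, size = offset + n, size - n

    def read(self, offset, size):
        if offset < 0:
            raise ValueError("negative offset")
        size = max(0, min(size, self.size - offset))  # clamp at end of image
        return b"".join(self._block(i)[o:o + n] for i, o, n in self._spans(offset, size))

    def write(self, offset, data):
        if offset < 0 or offset + len(data) > self.size:
            raise ValueError("write outside the virtual image")
        pos = 0
        for idx, off, n in self._spans(offset, len(data)):
            # First write to a block copies it from the base into the cache.
            blk = self.cache.setdefault(idx, bytearray(self._block(idx)))
            blk[off:off + n] = data[pos:pos + n]
            pos += n
        return len(data)

def demo():
    raw = bytes(range(256)) * 8            # constructed 2048-byte stand-in for an acquired image
    base = io.BytesIO(raw)
    view = CowView(base, len(raw))
    view.write(510, b"BOOT")               # straddles blocks 0 and 1
    unchanged = hashlib.sha256(base.getvalue()).digest() == hashlib.sha256(raw).digest()
    return unchanged, view.read(508, 8), sorted(view.cache)
```

Hashing the base before and after a session, as `demo()` does, is the check that shows the acquired image was not altered while the virtual view was being written to.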
- Kernel 2.6.x
- FUSE library
Mac OS X
- OS X 10.6 or above
The easiest way is to follow the instructions under "Community -> DEBIAN PKG SERVER" and then execute "sudo apt-get install xmount".
If you want / need to build the source, get it below and follow the instructions contained in xmount's README file.
Using xmount to boot acquired hard disk images in a virtual machine
Refer to my HOWTO on booting an acquired hard disk image containing a Windows installation below.
Big thanks fly out to Guy Voncken, who gave me the idea of coding this tool and helped me fix / avoid some serious bugs :) Please check out his excellent forensic hard disk image acquisition tool named Guymager (http://guymager.sourceforge.net)
News / Development status
New in version 0.7.x:
* New build system using cmake.
* New command line syntax. Make sure to check the man page!
* New --offset and --sizelimit command line parameters.
* Support for multiple input images.
* Support for image morphing. Currently supporting combine, raid (RAID0) and unallocated (HFS and FAT).
* Internal support for EWF files.
I'm currently working on the following things:
* New cache file format (I'm sorry, but the old one won't allow me to implement new features)
* Generation of complete VMware machines that can be directly run in VMware Player
Please see my bug tracker
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
Debian / Ubuntu packages: See "Community -> DEBIAN PKG SERVER"
Fedora and CentOS/RHEL packages: See CERT Forensics Tools Repository
Mac OS X package: xmount-0.5.0-i386.pkg
Mac OS X 64bit package: xmount-0.5.0-x86_64.pkg
Source: xmount-0.7.3.tar.gz (SHA256: ab2240f79ebfa2119452d8f5327dbc5b7a4d043747d36d897b8f5a207dab9888)
Source: Git repository