Forum Discussion

User's avatar
User
Icon for Bronze II rankBronze II
3 months ago

Digital Forensics: BitLocker Encrypted Drive

I have correctly calculated the offset and have no trouble using the bdemount command however I would appreciate some help with troubleshooting the error recieved when using the mount command. 

All my commands executed in the lab so far

Thanks

help & support
  • NyePrior's avatar
    NyePrior
    2 months ago

    Thanks ChrisKershaw 🙂

    User can you try running your first bdemount command as root? I'd also recommend mounting to the /mnt folder on the host, rather than trying to manage mountpoints on the Desktop. 

     

  • ChrisKershaw's avatar
    ChrisKershaw
    Icon for Community Support rankCommunity Support
    3 months ago

    Hi there 👋🏻, 

    Welcome to the Human Connection! 

    I'm Chris, I work in the Customer Support Team at Immersive, and I'll be happy to help you with your lab issue 😊.

    I see you've used the correct sudo mount command, this should trigger a token that can be located within the /mnt/windows_mount directory. The second token is the deleted file.

    Does this help at all?

    • User's avatar
      User
      Icon for Bronze II rankBronze II
      3 months ago

      nothing shows despite me having used both full and incomplete file paths

      • ChrisKershaw's avatar
        ChrisKershaw
        Icon for Community Support rankCommunity Support
        2 months ago

        Hi there 👋🏻

        Thank you for getting back to me, I'm sorry that you are still having difficulties with the lab. 

        I'm going to tag my colleague, Nye, who works in our Content Team, to see if they can advise any further, so we can help you continue with your attempt.

        NyePrior do you have any other suggestions, that can help the user progress on this one?

  • OmarAlRashdi's avatar
    OmarAlRashdi
    Icon for Bronze I rankBronze I
    3 months ago

    I am having same issue with same error I have tried to mount to /mnt/usb (I had to create usb folder using sudo mkdir /mnt/usb as mount point) and also I have used full path for both bde1 and mount point but still no luck,

  • altmanoi's avatar
    altmanoi
    Icon for Bronze I rankBronze I
    2 days ago

    Hi

    I've tried following the instructions in this thread and running all of the commands as root, yet I get the same error message and when I use bdemount, the folder I have mounted to (/mnt/usb, where i have created usb with mkdir /mnt/usb) is empty