Ok, so we need to mount a raw image to be able to extract some files from it. Prior to doing this, we need to do a few things.
Run the file command, to identify how many partitions are within the file, and where the disk sectors start. After this, we’re going to use fdisk to see where the file system starts.
Command:
sudo fdisk -l testfile.raw
Command Output:
Disk testfile.raw: 100 GiB, 107374182400 bytes, 209715200 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x4d617c76
Device Boot Start End Sectors Size Id Type
TESTHOST.raw1 * 2048 206847 204800 100M 7 HPFS/NTFS/exFAT
TESTHOST.raw2 206848 209713151 209506304 99.9G 7 HPFS/NTFS/exFAT
****
See how the second partition is 99G? This is the one we are going to mount. As the file system starts at sector 206,848 we need to multiply this by 512bytes to obtain the correct number to input into the mount command.
How do I know each sector is 512 bytes long? When we ran fdisk above, it kindly told us!
So, by multiplying 206848 (sector start for partition 2) by 512 (cluster byte length) we get 105,906,176. Now we’re going to use that for the mount command.
Command:
sudo mount -o ro,loop,offset=105906176 testfile.raw /mnt/windows_mount
Command output:
If it works, you’ll see nothing. Verify it worked by doing ls -lah /mnt/windows_mount
Remember, you’ll need to have the directory created prior to running the command!