On Mon, 28 Nov 2016 12:48:10 -0800 (PST), ludwig jaffe <ludwig.ja...@gmail.com> wrote:
> As there are production data on the windows10 I want to know how to do > forensics here and recover the data. > There are no mountable file images. What to do? [...] > Any ideas? > -boot? > -forensics (at least)? Are you sure the are no mountable images? You should be able to attach images to other VM, something like this (in dom0): $ qvm-block -A work -f xvdi dom0:/var/lib/qubes/appvms/win7/root.img $ qvm-block -A work -f xvdj dom0:/var/lib/qubes/appvms/win7/private.img And then in VM (here: in a fedora-based appvm): $ sudo fdisk -l /dev/xvdi $ sudo fdisk -l /dev/xvdj $ sudo mount /dev/xvdi1 /mnt/disk1 $ sudo mount /dev/xvdi2 /mnt/disk2 $ sudo mount /dev/xvdj1 /mnt/disk3 That should give you access to your files. -- yaqu -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161128212720.7FC0D104509%40mail2.openmailbox.org. For more options, visit https://groups.google.com/d/optout.
