[ALUG] Need new laptop AND seek recovery of files from VirtualBox

Phil Ashby phil.alug at ashbysoft.com
Sun May 28 17:17:36 BST 2017


On 28/05/17 12:00 Chris Green <cl at isbd.net> wrote:
 > Ted Harding <ted.harding at wlandres.net> wrote:
>> The Linux filesystems are in VirtualBox ".vdi" files on
>> the Windows XP system, which I was able to locate after
>> booting with the Slackware CD. I've been looking around
>> extensively for info about how to set about this. This
>> does not seem to be straightfoward unless the VDI file
>> is transerred (somehpow ... ) to another machine on which
>> VirtualBox is installed.
>>
> I think that's the only practical way, copy the .vdi files to a system
> which has VirtualBox installed and then get that system to boot the
> virtual linux.
>
> -- Chris Green

I've done similar in the past. Get the new machine sorted first, then 
either: boot up a live CD on the victim and export the local storage to 
the new machine (probably using the nice easy GUI 'sharing' stuff in 
Gnome these days); or remove the physical disk(s) and attach to the new 
machine via a USB caddy / directly into a disk slot if you have one 
spare, this may be easier than trying to get sharing guff to work.

Either way, you can copy off the whole VirtualBox VMs folder from the 
victim's storage, then work on a nice new/fast/not-broken machine to get 
them going again.

I use a similar approach to properly scan machines for malware, on the 
basis that one should never try and scan from within the possibly 
compromised OS. I export the raw disks using a live CD to another 
machine and scan from there.

Cheers,
Phil.




More information about the main mailing list