Hi Everyone,

I've setup a machine for malware analysis, i've Ubuntu linux and Win XP installed on the machine, What is the quickest or best solution for reimaging the machine after i do the malware analysis .( i don't want to use virtualization solutions as some of the malware have antiVM techniques ). I tried to use partImage but it looks like it is for linux OS, does anyone have experience or knowledge how i can use PartImage in my case? Anyother suggestions and guidance are welcome .

Thanks in advance.
charlie

Hi,

Any ghosting solution will do. We use a custom ghosting solution at work (consisting of booting a very tiny linux and dd-ing/gzipping to a server), there is also Norton's, Acronis'...
I, however, strongly advise you to use virtualization, VM detection can still be defeated and benefits in terms of image reverting are quite significant... If well configured, isolation works quite well and VM evasion is still rare.

partimage is a great tool!.you can use partimage for backing up your windows partition since you've installed linux.

Howdy,

I agree with Silkut, better to have a VM then none at all.

I use DriveImage XML.

Woodmann

If you are laying down a windows image I would recommend imageX.

http://technet.microsoft.com/en-us/library/cc748966%28WS.10%29.aspx

They should have a pretty good walk through on getting you set up there. It usually takes about 15 minutes to lay down your image once you have everything set up. Recommendations are a PE with imageX and a external drive with enough space to store that wim.

Again this is for windows.

Can anyone please recommend free ghost imaging software , google suggests norton ghost image software which we is commercial , any thoughts ?

thanks in advance
charile

Clonezilla.

PC Disk Clone Free 8.0

http://www.softpedia.com/get/CD-DVD-Tools/Virtual-CD-DVD-Rom/PC-Disk-Clone-Free.shtml

as advertised, looks ossom.. who knows..

well, it is somehow fun..