Date of Award
2012
Degree Type
Thesis
Degree Name
Master of Science in Computer Science
Department
Computer Science and Statistics
First Advisor
Victor Fay-Wolfe
Abstract
When an investigator attempts to bring a write blocked Windows dynamic disk online, Windows will refuse to mount it. This forces investigators to use the few tools that have built-in support for dealing with the RAID or to image the partition, and then mount the image. While imaging did not use to be an issue, with the rising sizes of disks available at low cost, it is becoming prohibitively expensive to image every software RAID. The solution is to mount the RAID through the use of a driver as a virtual disk.
The research was conducted by first analysing the Windows Dynamic Disk Logical Disk Manager database for the information needed in order to mount the RAID. Once the important information was identified, a Storport miniport driver was modified in order to mount the RAID after receiving the information. Finally the read function of the driver was designed handle mirrored, simple, spanned, and striped dynamic disks.
Speed results show that the driver achieves speeds between 4-10% slower on average and up to 15% slower when write blocked. The driver has been proven to be compatible with 32 bit Windows Vista, Server 2008 and 7, as well as 64 bit Windows 7 while in test mode. The hashes of the volume show it to be a bit-perfect copy of the Windows implementation, and several different file types were tested and open correctly without modifying the hash. Finally the driver has been tested and functions correctly on spanned, striped, mirrored, and simple RAIDs as well as correctly handling corrupted, linux, or GPT RAIDs when the RAID data was hand entered.
Recommended Citation
Ducharme, Daniel N., "Mounting a Windows Software Raid as a Virtual Disk" (2012). Open Access Master's Theses. Paper 1036.
https://digitalcommons.uri.edu/theses/1036
Terms of Use
All rights reserved under copyright.