Reading Raw Disk Images with 7zip

7zip has been a staple utility on any Windows system I work with as it is very versatile and much more than a simple archive creation and extraction tool.

It’s very good at doing what you’d expect; Handling all of the day-to-day formats you tend to come across (such as Zip and RAR) as well as plenty of less well-known or older formats (lha yay!). The interface is clean and the OS integration isn’t very intrusive (and you can remove it anyway if you’re not a fan of items cluttering your context menu).

I’ve always been impressed how I can extract files that don’t even look like archives and use 7zip as an extra security tool. I’ve successfully avoided trojans by extracting an executable file to find the real setup file inside. The wrapper executable was just a delivery vehicle for something malicious.

I’ve also loved the way you can treat an ISO image as an archive and open it up to get at specific files. I store a lot of ISO images on my fileserver so now get the best of both worlds: the original ISO images for faithful reproduction along with the ability to access files as almost as easily as a standard folder.

Finally, the most recent thing I discovered and the reason for this post of praise is the ability to open up and access files in a raw hard disk drive image!

I’d made a backup image of a failing 160GB HD using ddrescue and saved it to my server. I then needed to get access to some files on the image and mounted it using the loop device on Linux. The image has multiple partitions so I found the partition I needed, calculated the offset and mounted it. I then got sidetracked and didn’t get round to getting the files and shutdown the PC.

The next morning as I raced to get out of the door on time for a change I remembered I needed some files and logged onto my Windows computer (which was already on). The backup folder was already open and the disk image showed the ImgBurn logo as the .img extension is associated with that.

Imgburn couldn’t open the file but seeing the 7zip entries in my context menu led me to try the ‘Open archive’ option.

Amazingly it could see all the partitions of the RAW image dump and. It took a minute to do as it read the partition info but I could even double-click on the NTFS partitions to see the individual files and folders contained within.

Brilliant!