Thursday, January 27, 2011

DEFT 6 and VirtualBox: Maybe it’s just me?


Just a quick-post.

Recently, the DEFT gang released DEFT Linux 6.  This is the next iteration of the DEFT LiveCD for forensics work.

(I’m continuing to make notes for my promised write-up of Xplico and was hoping to work with the latest LiveCD which includes the updated version of Xplico as well for my post, anyway…)

For some reason, when I downloaded the ISO file and attempted to boot it in the latest 4.0 version releases of VirtualBox on my Windows 7, x64 (Home Premium) system, I only got a black screen.

I checked the MD5 for the ISO and it matched perfectly.  The “burned” CD of the same ISO file would work just fine to boot a physical system…so I was at a loss as to why it wouldn’t work in VirtualBox.

I had allocated 1024MB for the virtual machine, and bumped the video RAM allocated up to 16 MB.


My host system is a Dell Studio 15 (1558) with 4GB RAM and an i7 processor.  Should be able to handle things.

For kicks I tried booting my DEFT 5.1 ISO in the same “ISO Loader” VirutalBox machine and had no issues.  It loaded and ran just fine.  Back to using the DEFT 6 ISO file and nothing.

After a couple of days pondering things, I decided to try disabling “VT-x/AMD-V” & “Nested Paging” under the “Acceleration” tab just for kicks n grins.


Guess what?

The DEFT 6 ISO now loaded and was executed just fine by VirtualBox.


Probably just an issue with my particular host system but just in case anyone else is scratching their head getting a non-boot of the DEFT 6 ISO in VirtualBox, it might not hurt to try.

I can enable those settings on other virtual machines in VirtualBox and don’t have any issues so maybe it’s just DEFT 6 specific…


Claus V.


Anonymous said...

Why not download the Xplico VirtualBox appliance directly?

Claus said...

@ Anonymous - Thanks for asking.

I did and they do work just fine without the "tweak" mentioned.

If you look closely in the 2nd screenshot above, just to the left are three VirtualBox machines. The top one is the ISO launcher. The 2nd is the Xplico 5.0 appliance and the 3rd is the newest Xplico 6.0.1 appliance.

They are great.

However, in this specific instance, I wanted to be able to "demo" the LiveCD of DEFT 6 and with it Xplico, rather than an "installed" configuration of Xplico with a different OS environment that the Xplico VirtualBox appliances provide.

Hope that clears your question up.


Claus V.

MarkG said...

I had been trying to get Xplico working on the VMWare VM that I got at the SANS class, however it is not going well. I just could not seem to get it to build. Gave up for the moment, hope to get back to it soon. I used the VBox VM, but I would like all the tools in one VM.


Dennis said...

Thanks for the tip. Fixed the black screen at bootup.