
LiveView

hunterw
(@hunterw)
Posts: 13
Active Member
Topic starter
 

Has anyone ever used LiveView, validated it, etc . . . . ??

http://liveview.sourceforge.net/

 
Posted : 30/08/2006 5:57 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Don't know what you mean by "validated it", but…

http://windowsir.blogspot.com/2006/08/liveview.html

 
Posted : 30/08/2006 7:39 pm
 Andy
(@andy)
Posts: 357
Reputable Member
 

Live View does a brilliant job of converting DD image file data for VMWare, but does anyone have an easy method of converting a VMware (vmdk) image to a DD (or EnCase) image, or any methods for creating an image from a VMware guest?

Andy

 
Posted : 09/09/2006 2:07 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Yes, I do. Fire up the VMWare guest, pop in a CD containing the ProDiscoverIR Server agent, and acquire the image.

 
Posted : 09/09/2006 4:53 pm
 Andy
(@andy)
Posts: 357
Reputable Member
 

I've not really looked too deeply into ProDiscover, so forgive my ignorance, but is the server a free utility? I'll go on the site and take a look at it.

Since posting last I've found a small program that mounts a VMware image in Windows (and gives you a drive letter); this then let me image the drive as a normal attached device.

 
Posted : 10/09/2006 1:33 am
bshavers
(@bshavers)
Posts: 210
Estimable Member
 

I haven't tried this yet (but I'll try it this week), but would it be possible to:
* Edit the machine settings by adding a physical drive (to hold your image)
* Boot your VM suspect machine with a forensic boot floppy/CD
* Create an image of the VM suspect machine to the added physical drive with whatever tool you have on your floppy/CD (encase, replica, safeback, etc.)

Brett

 
Posted : 12/09/2006 4:25 am
(@dietro)
Posts: 51
Trusted Member
 

> but does anyone have an easy method of converting a VMware (vmdk) image to a DD (or EnCase) image, or any methods for creating an image from a VMware guest?

Point FTK Imager to the VMDK file and it will open it as if it were a disk image. You can then export an image of it.

 
Posted : 12/09/2006 6:18 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Andy,

> Since posting last I've found a small program…

Great. But is the name and location of that program a secret? If so, why?

Regarding the server component of PD…no, it isn't free, it's part of the product. Sorry. It is a very sweet product…I'm working with 4.8a now.

 
Posted : 13/09/2006 3:06 am
(@chague)
Posts: 33
Eminent Member
 

> Since posting last I've found a small program…

I think what Andy is referring to is the vmware disk mount utility, but I could be wrong…;-)

http://www.vmware.com/download/eula/diskmount_ws_v55.html

 
Posted : 13/09/2006 3:39 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Chague,

Thanks, but I don't think we'll know until Andy lets us know.

Thanks,

H

 
Posted : 13/09/2006 3:58 am