Notifications

Clear all

any alternative to liveview which is actually maintained?

Rampage · 2015-04-14T05:31:15Z

Helloi'm looking for an alternative to liveview that is actually maintained.I need to virtualize a raw DD image from a forensics acquisition.I'd use xmount, but unfortunately at the moment i'm stuck with a windows box, and i have to deal with it.I've also tried to do nasty things like using the FTK image mounter and then adding the "physical drives" to a vmware machine, but that didn't work… pany advice is apreciated.thanks

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by ecophobia 9 years ago

13 Posts

9 Users

0 Reactions

2,496 Views

RSS

gorvq7222

(@gorvq7222)

Reputable Member

Joined: 11 years ago

Posts: 236

24/05/2015 1:16 pm

Hi,

I use Live View on forensics for several years. Since your case is about Win2003 Server, I have to say that Live View could boot Win2003 Server evidence files successfully I think. This is my suggestion
1. Live View requires Administrator privileges to run!!!
2. Make sure you mount evidence files, run Live View , launch VMWare, do excute those tools with Administrator privileges.
3. Take a look at where it failed. If you could generate snapshot and boot, Congratulations~ Is there any blue screen and die..
4. Use Xmount on Linux Platform. Take a chance and it may satisfy you.
5. MD5 VFC - still there is no 100% guarantee!!!

ReplyQuote

Adam10541

(@adam10541)

Honorable Member

Joined: 13 years ago

Posts: 550

23/07/2015 10:28 am

Hi, we had the same issues so we developed our own free method using readily available free software.
We posted the method on my website here..

http//www.nvdigitalforensics.com/2015/02/convert-forensic-image-to-virtual-machine/

Larry

Hi Larry, I've just been trying to use the method you describe in the link but the process seems to be falling down somewhere.

I would also point out there is a typo in the instructions the first word says "vboximanage" when it should just be "vboxmanage" )

But beside that the process all goes smoothly, however the vmdk file that is created is only 1kb in size and on launching the VM nothing really happens, the window just sits on the UEFI shell.

Any thoughts?

Edit further on this I took a step back and converted an E01 to DD, then used VDHtool to convert the dd to vhd, so far so good. Added the VHD with Virtual Box and when attempting to start up it never progresses beyond the UEFI shell command type interface. No errors or anything to indicate a problem.

Edit again disregard I had a tick in the 'EFI' box and this was causing the issue.

ReplyQuote

ecophobia

(@ecophobia)

Estimable Member

Joined: 17 years ago

Posts: 127

06/04/2016 1:55 pm

Old topic, but since LiveView 0.8… the version that "works" with Win7/8 but has never been actually released to the public Link I have been successfully using OpenLV (Open LiveView) in combination with ARSENALIMAGE MOUNTER. It really works well with Windows 7 and Windows Server 2008 OS'es, but not Windows 10 unfortunately.

ReplyQuote

Page 2 / 2 Prev

8 Forums
15.7 K Topics
92.3 K Posts
248 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed