>>snip
Correct, liveview with read only will preserve the container file. Not using such method will modify the container file.
Personally, I'm typically never worried about modifying the container file because I'm not working on the original container. I export a working copy out of the image and work on that. What liveview and other similar software do not do is prevent the system from changing, the virtual machine will get changed when you boot it up, attach an ISO, and other similar tasks. It's just part of the price you pay for a live acquisition
In one of the methods I outlined in my blog entry you can convert the Parallels image to a raw disk format and then mount it in Encase like a vmdk file. In this this case you don't need to even boot the thing.
My understanding and observations with LiveView is the changes to the VM are not preserved across restarts. They are cached out to a temp file and are flushed on shutdown.
I particularly like your translation technique. I assume you need a Parallels install which I have available. I'll have to try it out.
My understanding and observations with LiveView is the changes to the VM are not preserved across restarts. They are cached out to a temp file and are flushed on shutdown.
I particularly like your translation technique. I assume you need a Parallels install which I have available. I'll have to try it out.
Exactly. You got it!!