Join Us!

Notifications
Clear all

VMWare/Live View  

  RSS
Nige
 Nige
(@nige)
New Member

I am trying to mount a Server 2003 dd image in Live View. Everything works fine until the Windows Logo Screen appears and the I get blue screened. I do not have access to the original hardware. I have tried mounting the image on an XP and Vista host and have used both Live View and FTK3 to mount the image but the result is always the same. Any suggestions or work arounds appreciated please.

Thanks

Quote
Posted : 19/09/2011 6:29 pm
minime2k9
(@minime2k9)
Active Member

You have to remeber that Live view is quite old now, your probably best using VFC2 if you can as it is far more up to date.

I have also heard of people having success with OpenGates as well so might be worth a try.

What version of VMware are you using?

ReplyQuote
Posted : 19/09/2011 6:49 pm
zhaan
(@zhaan)
Member

Just a thought. you could try restoring the image to a similar drive and then try.

I have always had mixed results with LV, overall its been a god send quite often but sometimes, if the OS dont want to play it wont.

Could it possibly be a problem with the OS?

Is there a message within the blue screen, perhaps mentioning a specific cause or driver failure?

I noticed with an ATI driver a few months ago, it would cause a bluey when I was shutting down!

As pointed out, she is getting on…

ReplyQuote
Posted : 21/09/2011 12:02 am
zhaan
(@zhaan)
Member

You could take a look at Virtual Box.

I have been using it recently, it works with ISO's, etc.

Not sure if it works with DD images but if it does it is really impressive.

I have just been looking through the manual but cant see anything.

ReplyQuote
Posted : 21/09/2011 12:11 am
ThePM
(@thepm)
Active Member

Are you able to boot in Safe Mode?

ReplyQuote
Posted : 21/09/2011 12:55 am
lucpel
(@lucpel)
Member

If it mounts using the mount command, it should generally work in FTK3. Did you try something like
#mount -o ro,noexec,loop /image.dd /mount_directory

Once I had an image .dd that didn't work in FTK, but worked in Autopsy.

Sorry if this is too obvious,

ReplyQuote
Posted : 21/09/2011 5:38 am
athulin
(@athulin)
Community Legend

Any suggestions or work arounds appreciated please.

LiveView does not handle all images. In the cases where it doesn't, I've usually got by with 'raw2vmdk' (available at sourceforge)., but there have been cases when that, too, would fail, and some hands-on patching was necessary.

Did you inquire into the reasons for the bluescreen? Checked the error code? Any minidump? That would tell you if the image relied on something that a simple converter could not be expected to support, such as special hardware nor present in your environment. Tried booting in safe mode?

ReplyQuote
Posted : 21/09/2011 12:46 pm
shep47
(@shep47)
Member

I had BSoD problems with LiveView and FTK mounted images and in the end I concluded it was driver conflict (never sourced) on my Win 7 machine as it would work on a colleagues machine but not on mine (and the 'sausage factory' didn't allow me the time to reinstall!). However, I see you have tried it on another machine so this workaround may not be of help.

I created a clean OS VM (didn't update any of the drivers) and installed just VMWare and LiveView on it and run this within my existing installation of Win 7. This iradicated the BSoD instances I was experiencing (probably as the rogue driver had not been installed).

I think all the points in this thread are worth trying as each image is different, 'safe mode' is probably my first choice on a BSoD although I have tried VLC with better success (although I no longer have VLC at my new workplace so it's back to LiveView).

Finally, I always clean out my VM folder immediately before I try to create/run a LiveView mounted VM as I've found any old files in this folder (even a previously good version of a working VM) will interfere with the VM I am trying to run. Also, LiveView sometimes will refuse to create and autorun the VM but by simply going into the VM folder where it started to create the VM files and remaining any of the files with the extension .lck to .txt and then opening the .vmx direct in VMWare will often get the VM working.

ReplyQuote
Posted : 21/09/2011 2:51 pm
chrism
(@chrism)
Member

I've found that when mouting images through FTK to be used with Live View, you must make sure that 'Block Device / Writable' is selected, and that you only mount the Physical Image.

Also I have had it BSoD a few times, mainly on non-standard builds.

ReplyQuote
Posted : 21/09/2011 3:51 pm
Nige
 Nige
(@nige)
New Member

Thanks to everyone who has responded. There are a number of suggestions here which I will work through one by one.

Thanks again for your input.

ReplyQuote
Posted : 22/09/2011 9:38 pm
Share: