±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 36445
New Yesterday: 2 Visitors: 119

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

LiveView

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3  Next 
  

keydet89
Senior Member
 

Re: LiveView

Post Posted: Sep 13, 06 03:06

Andy,

> Since posting last I've found a small program...

Great. But is the name and location of that program a secret? If so, why?

Regarding the server component of PD...no, it isn't free, it's part of the product. Sorry. It is a very sweet product...I'm working with 4.8a now.  
 
  

chague
Member
 

Re: LiveView

Post Posted: Sep 13, 06 03:39

> Since posting last I've found a small program...


I think what Andy is referring to is the vmware disk mount utility, but I could be wrong…;-)

www.vmware.com/downloa...s_v55.html  
 
  

keydet89
Senior Member
 

Re: LiveView

Post Posted: Sep 13, 06 03:58

Chague,

Thanks, but I don't think we'll know until Andy lets us know.

Thanks,

H  
 
  

JimmyW
Senior Member
 

Re: LiveView

Post Posted: Sep 18, 06 20:40

- bshavers
I haven't tried this yet (but I'll try it this week), but would it be possible to;
*Edit the machine settings by adding a physical drive (to hold your image)
*Boot your VM suspect machine with a forensic boot floppy/CD
*Create an image of the VM suspect machine to the added physical drive with whatever tool you have on your floppy/CD (encase, replica, safeback, etc..)Brett


Yes, I do this routinely, if this is what you mean: Mount an image as a physical disk with Mount Image Pro, create a VM with a virtual disk, boot it with your CD. Then restore the mounted disk to your VM with, for example, Ghost. This system actually works better in some cases. Mick Penhallurick's paper, which I cited in my ForensicWiki article, describes this in depth. I've found the process will result in a bootable machine when you fail to boot the same image directly.

- keydet89
Andy,

> Since posting last I've found a small program...

Great. But is the name and location of that program a secret? If so, why?


Perhaps its VDK, available free at chitchat.at.infoseek.c...e/vdk.html
I haven't tested it's read-only capability.  
 
  

Andy
Senior Member
 

Re: LiveView

Post Posted: Sep 19, 06 00:13

Sorry, I've been busy and not had chance to catch up with the board.

The software is VMware DiskMount, and I downloaded it from here: -

petruska.stardock.net/...Mware.html

Also, when I posted I completely forgot you can drag a .vmdk file straight info EnCase v 5 and image it out from there.  
 
  

Earn
Senior Member
 

Re: LiveView

Post Posted: Sep 22, 06 00:46

- Andy
I've not really looked too deeply into ProDiscover so forgive my ignorance, but is the server a free utitliy? I'll go on the site and take a look at it.

Since posting last I've found a small program that mounts a vmware image in Windows (and gives you a drive letter), this then let me image the drive as a normal attached device.


.  
 
  

Andy
Senior Member
 

Re: LiveView

Post Posted: Sep 22, 06 01:01

Earn?  
 

Page 2 of 3
Page Previous  1, 2, 3  Next