Back to list
New tool announcement: Live View
Aug 25 2006 05:20PM
Matthew Geiger (mgeiger cmu edu)
We'd like to announce the public availability of Live View, a free,
open-source (GPL) forensics tool that creates a VMware virtual machine out of
a raw (dd-style) disk image or physical disk. Live View allows the forensic
examiner to "boot up" the image and gain an interactive, user-level
perspective of the environment, all without modifying the underlying image or
disk itself. Because all changes are written to a separate file, the examiner
can "install" analysis software on the target machine, interact in other ways
with the system and instantly revert all changes.
LiveView is written in Java and provides a simple, intuitive graphical
interface. It works either with VMware Workstation or the free VMware Server.
Please see the project site at:
for more details or to download the latest version.
Live View was written by Brian Kaplan, and it's development was supported by
Matthew Geiger, GCFA GSEC GHTQ
CERT PDT Forensics Team
Software Engineering Institute
Carnegie Mellon University
mgeiger .-. cert .-. org
[ reply ]
Copyright 2010, SecurityFocus