liveview.sourceforge.net — Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective.
Aug 29, 2006 View in Crawl 4
funkywitdasystmAug 29, 2006
how the hell do i get modded down for answering someone's question? and, moreover, how did the guy who asked a question get modded down?
pantherxAug 29, 2006
Wow. This is awesome. People who don't know what this would be used for... think about what the FBI does when they seize a computer. This will help them speed up their investigations a bit.
koickAug 29, 2006
You don't think they already have little tools like this? Also, if they have 'seized' your computer, they may not care too much about leaving tracks when looking for info.
heemboAug 29, 2006
This is a forensics tool. You use it to get a image of a drive you want to analize, and you can then F with it to your hearts content, in vmware, without 1) needing to ghost the entire drive first and 2) without effecting the source drive first. Security boys all over the world are drooling! If only it wasn't written in *ech* Java!
madh2oratAug 29, 2006
"The description makes it sound like that thing in hackers."Aparently not many people have seen that movie.
jacks0nAug 30, 2006
Wait, so I could create a full image of my modified *nix partition, give it to someone, and they could muck around with it in vmware? Sounds nifty, and very handy for large lans such as universities or companies, installing the same set of programs and OS on each hdd.
remotesojournerAug 30, 2006
Scratch File is like Page File. Temporary Memory on Your Hard disk.. Its a common knowledge so He was modded down..though I think he should not have been.
ytrewqSep 8, 2006
Using a java applet, Live-View creates a VM from a image, DD or workable OS partition(external drives with an install of an OS), and places the necessary VM files like the .VMX and VMXK files in a local folder , then VMServer (or workstation) takes over, pointing to these locally stored vmx files and starting a virtual machine with the unique parameters and data from the target source. Same configuration, files, applications, Internet history, etc. of the system you are inspecting. It does all of this by "pulling" data from the target drive, but writing into the virtual machine files stored on the vm drives. you have the ability to inspect and document stored files, configurations and history without destroying the evidence the target system "might" become.Using QEMU is not supported, but if you can make VM use QEMU and point to the VM folder, why not?The use for this is forensics, or snooping into a drive you have physical control of but you don't want to leave any tracks.