Hi, We'd like to announce the public availability of Live View, a free, open-source (GPL) forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. Live View allows the forensic examiner to "boot up" the image and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk itself. Because all changes are written to a separate file, the examiner can "install" analysis software on the target machine, interact in other ways with the system and instantly revert all changes.
LiveView is written in Java and provides a simple, intuitive graphical interface. It works either with VMware Workstation or the free VMware Server. Please see the project site at: http://liveview.sourceforge.net/ for more details or to download the latest version. Live View was written by Brian Kaplan, and it's development was supported by CERT (http://www.cert.org). -- Matthew Geiger, GCFA GSEC GHTQ CERT PDT Forensics Team Software Engineering Institute Carnegie Mellon University mgeiger .-. cert .-. org
