Today the Software Engineering Institute of the Carnegie Mellon University (CMU) announced a new tool named LiveView on the forensics mailing list at security focus.
This tools looks really promising in that it claims to provide a way to create a VMWare image from a physical disk or raw disk image (e.g. created with DD). Such a tool will allow security researchers to inspect an infected machine without having to be at the site of the incident. Although CMU introduced the tool to forensics specialists, it can be used in various ways apart from the main objective. Such a tool should have been published long ago by the VM vendors. Thank CERT and CMU we now have this tool to aid in different ways during an investigation of malware targets.
Check it out!
// Oliver
Pingback: SecuriTeam Blogs » LiveView - Work with imaged drives on VMware