Author: Andrew Hay

Live View

Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to “boot up” the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk. The end result is that one need not create extra “throw away” copies of the disk or image to create the virtual machine.

Live View is capable of booting

* Full disk raw images
* Bootable partition raw images
* Physical Disks (attached via a USB or Firewire bridge)

Containing the following operating systems

* Windows XP, 2000, 2003, NT, Me, 98
* Linux (limited support)

Behind the scenes, Live View automates a wide array of technical tasks. Some of these include: resolving hardware conflicts resulting from booting on hardware other than that on which the OS was originally installed; creating a customized MBR for partition-only images; and correctly specifying a virtual disk to match the original image or physical disk.

Draft Special Publication 800-101, Guidelines on Cell Phone Forensics

The draft NIST Special Publication 800-101, Guidelines on Cell Phone Forensics, is available for public comment. The guide outlines general principles and provides technical information intended to aid organizations evolve appropriate policies and procedures for preserving, acquiring, and examining digital evidence found on cell phones. Computer forensic specialists and members of the law enforcement community are encouraged to provide feedback on all or part of the document.

NIST requests submission of public comments on the draft on or before September 29, 2006. Comments may be sent to SP800-101@nist.gov.

Adobe PDF (1,289 KB)
Zipped PDF (1,005 KB)

Metasploit MS06-040 Demo

Didier Stevens needed to convince someone that patching Windows is necessary. That’s why he made him a short video clip where he uses Metasploit 2.6 to exploit vulnerability MS06-040 on a Windows 2000 SP4 server.

Didier creates a remote shell on the attacked server, connects to it and changes the administrators password to Hacked.

The Metasploit web interface is used to create a higher visual impact.

Scroll to top