Some said Live View could only boot up images acquired from 32bit OS evidence. I have to say that it's not true. Ok, the best way to prove it is let the evidence speak for themselves~

1. Boot up Windows 7 64bit evidence

2. Live View boot up Linux 64bit evidence

I think the reason why some forensic guys "believe" that Live View could not boot evidence suessfully are as below:

1.They forgot mounting tools(ex: FTK Imager) requires Administrator privileges to run.

2.They forgot Live View requires Administrator privileges to run.

3.Whenever they saw any terrible word(ike "error","warning","failed") in the Live View message boxs, they will shut Live View down immediately without hesitate. Acutally they should be more patient, let Live View to parse and analyze those partitions. When completed they could use VMWare to open the snapshot and see if it works or not. Remember one very important thing : "Don't jump to conclusions too soon"...some forensics should get rid of such kind of bad habit...

It's an Open Source Java-based solution. You guys could take a look at it's website and forums:

http://liveview.sourceforge.net/index.html

http://sourceforge.net/p/liveview/discussion/

By the way, VFC is a commercial solution. In my experience, Live View is better than VFC. Of course it's not 100% guarantee to boot up evidence with Live View(or VFC). Still you have chances fail to boot up and see Blue Death screen...

Can Live View boot up images acquired from 64bit OS evidence?的更多相关文章

  1. Spring Boot文档

    本文来自于springboot官方文档 地址:https://docs.spring.io/spring-boot/docs/current/reference/html/ Spring Boot参考 ...

  2. The Boot Process at a Glance x86/x64系统启动过程解析

    哥又来干体力活了.人肉翻译一下: The Boot Process at a Glance This section explains the boot process in sufficient d ...

  3. 计算机启动boot

    原创博文:转载请标明出处:http://www.cnblogs.com/zxouxuewei 零.boot的含义 先问一个问题,"启动"用英语怎么说? 回答是boot.可是,boo ...

  4. Android自定义控件:图形报表的实现(折线图、曲线图、动态曲线图)(View与SurfaceView分别实现图表控件)

    图形报表很常用,因为展示数据比较直观,常见的形式有很多,如:折线图.柱形图.饼图.雷达图.股票图.还有一些3D效果的图表等. Android中也有不少第三方图表库,但是很难兼容各种各样的需求. 如果第 ...

  5. View 层

    package com.test.mvp.mvpdemo.mvp.v1.view; import android.app.ProgressDialog;import android.os.Bundle ...

  6. Android ANR分析(2)

    转自:http://blog.csdn.net/ruingman/article/details/53118202   定义 主线程在特定的时间内没有做完特定的事情 常见的场景 A.input事件超过 ...

  7. 【故障•监听】TNS-12518、TNS-00517和 Linux Error:32:Broken pipe

    [故障|监听]TNS-12518.TNS-00517和 Linux Error:32:Broken pipe 1.1  BLOG文档结构图 1.2  前言部分 1.2.1  导读和注意事项 各位技术爱 ...

  8. 开源网络操作系统--VyOS

    User Guide Jump to: navigation, search Contents 1 Introduction 2 Installation 3 Using the Command-Li ...

  9. vyos User Guide

    vyos User Guide 来源 https://wiki.vyos.net/wiki/User_Guide The VyOS User Guide is focused on providing ...

随机推荐

  1. jQuery图片延迟加载插件jQuery.lazyload

      插件描述:jQuery图片延迟加载插件jQuery.lazyload,使用延迟加载在可提高网页下载速度.在某些情况下,它也能帮助减轻服务器负载. 使用方法 引用jquery和jquery.lazy ...

  2. 从源代码制作deb包的两种方法以及修改已有deb包(转载)

    From:http://yysfire.github.io/linux/%E4%BB%8E%E6%BA%90%E4%BB%A3%E7%A0%81%E5%88%B6%E4%BD%9Cdeb%E5%8C% ...

  3. C#异步编程 z

    http://www.cnblogs.com/fangyz/p/5134018.html 从.NET4.5开始,用async和await关键字再加上Task.Run是一个非常不错的异步编程模型. 1. ...

  4. 配置HylaFAX传真服务器

    配置HylaFAX传真服务器转自 http://blog.chinaunix.net/uid-8551991-id-248081.html参考:http://www.hylafax.org/howto ...

  5. 【收藏用】--切勿转载JAVA 使用Dom4j 解析XML

    原帖地址 : http://blog.csdn.NET/yyywyr/article/details/38359049 解析XML的方式有很多,本文介绍使用dom4j解析xml. 1.环境准备 (1) ...

  6. expdp导出数据库

    源地址:http://www.cnblogs.com/luluping/archive/2010/03/16/1687093.html 使用EXPDP和IMPDP时应该注意的事项: EXP和IMP是客 ...

  7. CRM SQL 共享

     共四步 ,) PRIMARY KEY CLUSTERED, objectid UNIQUEIDENTIFIER NOT NULL, objecttype INT NOT NULL) ,,'883D4 ...

  8. rman异机恢复(RAC双节点恢复到单节点)

    一.数据库全备 RUN {ALLOCATE CHANNEL ch00 DEVICE TYPE disk;ALLOCATE CHANNEL ch01 DEVICE TYPE disk;backup as ...

  9. task中的一些属性

    1.android:allowTaskReparenting 这个属性用来标记一个Activity实例在当前应用退居后台后,是否能从启动它的那个task移动到有共同affinity的task,“tru ...

  10. namespace用法

    1.在WCF.Controller中定义了一个UserModel,标记为① 2.在WCF.Controller.Model中定义了一个UserModel(同上,namespace不同),标记为② 3. ...