Can Live View boot up images acquired from 64bit OS evidence?
Some said Live View could only boot up images acquired from 32bit OS evidence. I have to say that it's not true. Ok, the best way to prove it is let the evidence speak for themselves~
1. Boot up Windows 7 64bit evidence
2. Live View boot up Linux 64bit evidence
I think the reason why some forensic guys "believe" that Live View could not boot evidence suessfully are as below:
1.They forgot mounting tools(ex: FTK Imager) requires Administrator privileges to run.
2.They forgot Live View requires Administrator privileges to run.
3.Whenever they saw any terrible word(ike "error","warning","failed") in the Live View message boxs, they will shut Live View down immediately without hesitate. Acutally they should be more patient, let Live View to parse and analyze those partitions. When completed they could use VMWare to open the snapshot and see if it works or not. Remember one very important thing : "Don't jump to conclusions too soon"...some forensics should get rid of such kind of bad habit...
It's an Open Source Java-based solution. You guys could take a look at it's website and forums:
http://liveview.sourceforge.net/index.html
http://sourceforge.net/p/liveview/discussion/
By the way, VFC is a commercial solution. In my experience, Live View is better than VFC. Of course it's not 100% guarantee to boot up evidence with Live View(or VFC). Still you have chances fail to boot up and see Blue Death screen...
Can Live View boot up images acquired from 64bit OS evidence?的更多相关文章
- Spring Boot文档
本文来自于springboot官方文档 地址:https://docs.spring.io/spring-boot/docs/current/reference/html/ Spring Boot参考 ...
- The Boot Process at a Glance x86/x64系统启动过程解析
哥又来干体力活了.人肉翻译一下: The Boot Process at a Glance This section explains the boot process in sufficient d ...
- 计算机启动boot
原创博文:转载请标明出处:http://www.cnblogs.com/zxouxuewei 零.boot的含义 先问一个问题,"启动"用英语怎么说? 回答是boot.可是,boo ...
- Android自定义控件:图形报表的实现(折线图、曲线图、动态曲线图)(View与SurfaceView分别实现图表控件)
图形报表很常用,因为展示数据比较直观,常见的形式有很多,如:折线图.柱形图.饼图.雷达图.股票图.还有一些3D效果的图表等. Android中也有不少第三方图表库,但是很难兼容各种各样的需求. 如果第 ...
- View 层
package com.test.mvp.mvpdemo.mvp.v1.view; import android.app.ProgressDialog;import android.os.Bundle ...
- Android ANR分析(2)
转自:http://blog.csdn.net/ruingman/article/details/53118202 定义 主线程在特定的时间内没有做完特定的事情 常见的场景 A.input事件超过 ...
- 【故障•监听】TNS-12518、TNS-00517和 Linux Error:32:Broken pipe
[故障|监听]TNS-12518.TNS-00517和 Linux Error:32:Broken pipe 1.1 BLOG文档结构图 1.2 前言部分 1.2.1 导读和注意事项 各位技术爱 ...
- 开源网络操作系统--VyOS
User Guide Jump to: navigation, search Contents 1 Introduction 2 Installation 3 Using the Command-Li ...
- vyos User Guide
vyos User Guide 来源 https://wiki.vyos.net/wiki/User_Guide The VyOS User Guide is focused on providing ...
随机推荐
- 转-Activity之间数据传递之Intent数据传递
Intent意图 可用于Activity之间的数据传递,一般可分为下面两种情况,从当前Activity传递到目标Activity后有无返回值: 1.传递后无返回值的情况: 1 2 3 4 5 6 7 ...
- Eclipse控制台输出信息的控制
当你在Eclipse中 running/debugging一个应用程序的时候,有关该应用程序的运行调试信息及日志信息都会输出到控制台(console )显示,但是Eclipse只会显示最后一部分的日志 ...
- iOS 审核加急通道使用--转载来源--有梦想的蜗牛
提交完成后进入加急审核页面. 链接:https://developer.apple.com/appstore/contact/appreviewteam/index.html 在i would lik ...
- c# as
as:用于检查在兼容的引用类型之间执行某些类型的转换. Employee myEmployee = myObject as Employee; if (myEmployee != null) { } ...
- 使用tcpdump+Wireshark(或Fiddler)做linux服务器的网络请求分析
我们的服务器上,一般都没有窗口界面,这时候要抓包,用tcpdump是最方便的.而分析网络请求时,wireshark又是相当方便的,这时候我们就需要把它们两个一起来使用了. tcpdump 抓取数据 命 ...
- 算法库:blas, lapack, cblas, clapack, armadillo, openblas, mkl关系
关于blas的介绍介绍见:http://www.cnblogs.com/dzyBK/p/4983953.html blas:提供向量和矩阵的基本运算,用fortran编写. lapack:提供向量和矩 ...
- GridControl 继承写法修改自己的GridControl
namespace GridControlDemo { class MyGridControl : GridControl { protected override BaseView CreateDe ...
- Unity小厨房之-----背后视角摄像机
相信每一个接触过Unity的人,应该都认识Unity引擎自带的那个水管工,也一定知道那个小人模型上挂着3个脚本控制着小人的一切,今天我就来说一下关于Unity背后视角摄像机的实现,当然方法并不唯一,这 ...
- php不使用copy()函数复制文件的方法
本文实例讲述了php不使用copy()函数复制文件的方法.分享给大家供大家参考.具体如下:下面的代码不使用php内置的copy函数,直接通过文件读取写入的操作方式复制文件 <?php funct ...
- maven skip tests
DskipTests=true is short form of -Dmaven.test.skip=true