Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to “boot up” the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk. The end result is that one need not create extra “throw away” copies of the disk or image to create the virtual machine.
Live View is capable of booting
* Full disk raw images
* Bootable partition raw images
* Physical Disks (attached via a USB or Firewire bridge)
Containing the following operating systems
* Windows XP, 2000, 2003, NT, Me, 98
* Linux (limited support)
Behind the scenes, Live View automates a wide array of technical tasks. Some of these include: resolving hardware conflicts resulting from booting on hardware other than that on which the OS was originally installed; creating a customized MBR for partition-only images; and correctly specifying a virtual disk to match the original image or physical disk.
The draft NIST Special Publication 800-101, Guidelines on Cell Phone Forensics, is available for public comment. The guide outlines general principles and provides technical information intended to aid organizations evolve appropriate policies and procedures for preserving, acquiring, and examining digital evidence found on cell phones. Computer forensic specialists and members of the law enforcement community are encouraged to provide feedback on all or part of the document.
NIST requests submission of public comments on the draft on or before September 29, 2006. Comments may be sent to SP800email@example.com.