OpenLV: FAQ

Frequently asked Questions.

• What is OpenLV?
• Is OpenLV actually LiveView?
• Wont Booting The Image Destroy Evidence?
• How Do I Run OpenLV?
• How Do I Run on Linux?
• What Image Formats Does OpenLV Handle?
• What Types of Imaged Systems Can Be Booted?
• What if I Only Have an Image of the Bootable Partition and Not the Entire Disk?
• Does OpenLV Handle Split Images?
• Does OpenLV Support Dual Boot Images?
• What Do I Need To Run OpenLV?
• How Do I Make The Virtual Machine Feel Less Sluggish?
• Why Can't I Access The Internet From The Virtual Machine?
• How Can I Transfer Files To And From The Virtual Machine Without Internet Access?
• Why Am I Being Asked To Install Drivers for New Hardware?
• Why Am I Being Asked To Activate The Target OS?
• How Do I Remove All My Changes And Start From Scratch Again?
• I Have a Feature Request, Who Do I Contact?
• Does OpenLV Require Admin Privileges To Run?

What is OpenLV?

• OpenLV is a tool that allows disk images or physical drives to be booted up in a virtual machine and examined in a forensically sound manner.

What is OpenLV?

• OpenLV is a fork of the GPLv2 version of LiveView and continues where LiveView left off. Additionally, LiveView had a complicated distribution model included a private "LE version." OpenLV aimes to be a completely open tool, readily available to all in both source and simple-to-install binary formats.

Won't Booting The Image Destroy Evidence?

• No, OpenLV redirects all changes to a scratch file leaving the original image untouched. OpenLV works just fine on images set as read-only and will even alert the user if the image they are booting is not set as such. One can also run a cryptographic checksum on the image before and after booting with OpenLV to verify the integrity of the evidence.

How Do I Run OpenLV?

• First install OpenLV by double-clicking the installer. It will check your system for all of the requirements and install them as necessary. When the installation completes, you should be able to simply double-click the OpenLV icon on your desktop to start the program.
• Developers and advances users are encouraged to download the current state of the software from github.

How Do I Run OpenLV no Linux?

• We will provide packaged/binary installers someday, but if you want to run it now, all you need is the jar file (in fact, this is all you need in Windows as well so you can use this in lieu of installer if you prefer). Simply download the jar file and execute it like this: "java -jar OpenLV.jar"
• Developers and advances users are encouraged to download the current state of the software from github.

What Image Formats Does OpenLV Handle?

• OpenLV handles exact bit-for-bit (raw) images of disks such as those created with 'dd'. OpenLV is also capable of booting physical disks (not images) attached to the computer directly or via a USB or FireWire bridge. Other image formats (such as EnCase) are not directly supported, but can be booted as physical disks with the use of third party image mounting software such as Mount Image Pro or Physical Disk Emulator. Images can also often be converted to standard bit-for-bit images. For example, the FTK Imager http://www.accessdata.com/support/ can convert Encase images into a standard DD image for use with OpenLV.

What Types of Imaged Systems Can Be Booted?

• Fundamentally, OS limitations are not due to OpenLV, but are due to the underlying virtualization software - though some OpenLV features only apply to certain versions of Windows. OpenLV is known to work with:
• Windows 7
• Windows Server 2008
• Windows Vista
• Windows XP
• Windows 2000
• Windows Server 2003
• Windows NT (Partial Support)
• Windows Me
• Windows 98
• Linux (Partial Support)

• While the above has been verified, we have both a limited set of hardware and system images with which to test OpenLV. We would love receive your feedback on what types of images have worked, failed, and what types you would like to see supported in the future.

What if I Only Have an Image of the Bootable Partition and Not the Entire Disk?

• No problem. OpenLV will automatically detect this and build a Master Boot Record for your partition allowing it to boot.

Does OpenLV Handle Split Images?

• Yes, simply select all of the chunks in the browse dialog by using Ctrl + Click. OpenLV sorts the chunks by their file extensions so be sure that the chunks have either numerically or alphabetically ordered file extensions.

Does OpenLV Support Dual Boot Images?

• Yes, there is full support for the primary operating system on the machine and partial support for the secondary operating system. If you need to boot the secondary OS, simply choose the primary OS in the OpenLV dropdown menu and wait for the OS selection screen to come up while the system is booting. From there, select to boot the secondary OS. In some cases, you may experience a blue screen error which will be fixed once full dual boot support is implemented.

What Do I Need To Run OpenLV?

• Virtualization software, either VirtualBox or a VMware product - VMware Server 1.x Full Install* (Free Download) or VMware Workstation 5.5+ (30 Day Trial)
• Java Runtime Environment (http://www.java.com/getjava/)
• VMware Disk Mount Utility, part of the VDDK (http://www.vmware.com/support/developer/vddk/)
• A "host" examination machine, either Linux or Microsoft Windows Machine (XP, 2000, 2003, Vista, 2008, etc)
• Some Bit-for-Bit Disk Images

How Do I Make The Virtual Machine Feel Less Sluggish?

• Virtual Machines are inherently slower than their hardware counterparts. You can, however, make them feel more responsive by installing virtualization tools into the guest. To do so, in VMware wait until the Virtual Machine boots and then from the VMware Menu select VM->Install VMware Tools. This will require a reboot of the VM.
• You can also ensure that your examination machine is speedy, has ample free space, and has a hardware that specifically supports virtualization (such as Intel VT).

Why Can't I Access The Internet From The Virtual Machine?

• The virtual Ethernet device is purposely disabled to prevent any malware on the virtual machine from spreading or communicating with external hosts once the image has booted. If you need this capability, after OpenLV creates a virtual machine, you can modify the virtual machine settings.

How Can I Transfer Files To And From The Virtual Machine Without Internet Access?

• One way to transfer files between the Virtual Machine and host computer is to install virtualization tools. To do so in VMware, wait until the Virtual Machine boots. On the VMware menu, click VM->Install VMware Tools. Follow the installation wizard to completion. When the installation finishes, you will be required to reboot the Virtual Machine. For quick one time copies, a USB storage device is probably the most convenient option. Insert the device while the Virtual Machine has the focus and on the VMware menu, click VM->Removable Devices->USB Devices and select your USB device. You should also be able to read and transfer files from the CD Drive inside the virtual machine.

Why Am I Being Asked To Install Drivers for New Hardware?

• Operating Systems typically install drivers for the specific set of hardware on which the OS was originally installed. Similar to taking the disk out of one system and booting it up inside a system with different hardware, a virtual machine's virtual hardware will not often match the hardware on which the system was originally installed. For this reason, the OS will attempt to install the missing drivers for that new hardware. If you are prompted for an install CD you may be able to simply hit cancel and continue booting.

Why Am I Being Asked To Activate The Target OS?

• Windows activation is often triggered by "significant" hardware changes in the machine. Weights are assigned to various pieces of hardware and thresholds are set for things like RAM size to determine what is considered a change worthy of requiring reactivation. When booting the target image, Windows may detect VMware's virtual hardware (or lack thereof in the case of the NIC) as a significant hardware change and may require reactivation to log in. For most systems you will be given a grace period which can subsequently be reset an infinite number of times by re-launching the machine "from scratch." Some systems (such as XP without any service packs) may provide no grace period in which case you may need to reactivate the OS. Also, by setting the input parameters for OpenLV (such as RAM size) to match the original hardware as closely as possible, you may decrease the probability of triggering the Windows activation process. More information about Windows activation can be found in the Microsoft Product Activation FAQ.

How Do I Remove All My Changes And Start From Scratch Again?

• If you are working on a system and decide you would like to revert back to the original, click the red stop button in the VMware window and close VMware. Go back to OpenLV and enter in the new options you would like to use and hit the start button. When prompted to continue where you left off or start over, simply select start over and the original image will boot back up without all of the changes that you made while working with it previously.

I Have a Feature Request, Who Do I Contact?

• We would love to hear your feedback on what is useful, what needs to improve, and what you would like to see in future releases of OpenLV. The best way to make such requests is through GitHub's Issues page.

Does OpenLV Require Admin Privileges To Run?

• Yes, unfortunately OpenLV requires Administrator privileges to run. This is because it performs a number of necessary admin only operations (i.e. temporarily loading and unloading registry hives on the host system) in preparing an image to boot in the virtual environment.