Virtual Machine of a real hard drive
This incidents.org article the other day caught my eye. It talked of a utility calledliveview that could take a hard drive (or image of a drive) and make it into a virtual machine for use in vmware (saving all changes to a temporary file so the original structure of the disk/drive image is not touched.) It looks like you need to have Windows as your base platform, but it looks as though it would be a useful tool. Windows Incident Response possibly saw the same note on Incidents.org.
I’m most interested to see how well it does with the hardware environment. One of the headaches I’ve had in converting a windows disk image into a virtual machine is the headache of new hardware detected…..
Still, if you’re not touching the original image, it might be just a reboot or two until you’re ready to take a good like at the running system.