It seems that most of the posts I can find show me how to take a VMDK and convert it to an FTK Image for processing. I'd like to go the other way, and get a bootable VMWare image.
I've found the Virtual Forensic Computing tool, but I'm just a hobbyist and cannot afford to buy it. I was hoping LiveView would have been my savior, but it doesn't like the FTK image format.
Is there a tool that will do this for me for free with a little work? For example, I know that if I could get it to just a raw "dd" style dump, then I could use qemu-img covert to make it a VMDK.
Best Answer
Your question is confusing because you refer to the "FTK Image" format which doesn't exist. Perhaps you are referring to AccessData's AD1 format, which is a logical image and doesn't include things like unallocated space?
FTK Imager is a free tool that can create and convert disk images between many formats including the common ones like Encase E01, RAW dd, SMART S01, and Advanced Forensic Format AFF. It sounds like your problem will be solved if you can convert your file to a RAW/dd image since you can use qemu at that point. FTK Imager should be able to convert the format you are calling "FTK Image" into a RAW/dd and it meets your requirements of being free. Use the following steps:
Install FTK Imager or use the portable version and launch the application. File -> Create Disk Image -> Select Source = Image File -> Select your original file -> Finish -> Add Image Destination -> Raw (dd) -> Next -> Next -> Select a destination folder and filename -> Image Fragment Size = 0 -> Finish.