search for: blkls

The blkls API downloads on the host a range of unallocated blocks on the virtual disk image. This allows to recover deleted data on filesystems where icat fails. Example: guestfish --ro -a /home/noxdafox/ubuntu.qcow2 ><fs> run ><fs> mount /dev/sda1 / ><fs> write /test.txt "...

Thanks, I have pushed this patch series. Could you consider changing: > + optional = Some "icat"; I think it would be nice to have a single feature, and to call the feature "sleuthkit" or "forensics" or something like that. We don't need to have one feature per API since installation of a single package (sleuthkit) is sufficient to make all the APIs

...er API since installation of a single > package (sleuthkit) is sufficient to make all the APIs available. This was something I was a bit confused about. For what I've got, libguestfs checks the availability of something by inspecting its path. TSK is a collection of tools (icat, fls, mmls, blkls...) therefore I was using `icat` to test its presence within the appliance. How could I do it better? Shall I call it `optional = Some "sleuthkit"` and then in the code check for "icat" instead of using the given parameter? Is this considered a "clean" solution? I...

...The Sleuth Kit) is the main tool used for implementing them. Other option could be giving generic names allowing us to change underlying tools without the need of deprecating the old APIs. Examples so far: * icat * tsk_icat * download_inode * blkcat * tsk_blkcat * download_blocks * blkls * tsk_blkls * download_unused_blocks * ffind * tsk_ffind * find_inode ... If we come to some final decision before the next stable release, I'll be glad to rename all the functions accordingly. Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- daemon/tsk.c |...

The filesystem_walk0 API parses the FS internals of a partition and returns a list of all the files and directories contained within. It list deleted files and directories as well. For each node, it reports its relative path, its inode and its allocation status. The output is serialised in XDR format and written to the given file. The command is similar to The Sleuth Kit "fls -rp

With this API we complete the set of functions required to extract deleted files/data from most of the available filesystems. The function allows to extract data units (blocks) within a given range from a partition. The tests show an example on how the function can be used to retrieve deleted data. Matteo Cafasso (2): New API: download_blocks Added download_blocks API test

v2: - Rebase on top of master Matteo Cafasso (2): New API: download_blocks Added download_blocks API test daemon/sleuthkit.c | 41 ++++++++++++++++++++++++++- generator/actions.ml | 24 ++++++++++++++++ gobject/Makefile.inc | 2 ++ src/MAX_PROC_NR | 2 +- tests/tsk/Makefile.am | 1 +

The filesystem_walk API parses the FS internals of a partition and returns a list of all the files and directories contained within. It list deleted files and directories as well. For each node, it reports its relative path, its inode and its allocation status. This is the end user API for inspecting a disk partition content. The command can handle filenames with special characters. Example

...external commands they will use, eg: DECLARE_EXTERNAL_COMMANDS ("btrfs", "btrfstune", "btrfsck") and these are collected up by a constructor into an array and can be printed at build time by doing: $ ./daemon/guestfsd --print-external-commands base64 blkid blkls blockdev btrfs btrfsck &c. This also adds a simple test. --- daemon/9p.c | 5 +- daemon/Makefile.am | 5 ++ daemon/available.c | 7 +-- daemon/base64.c | 6 +- daemon/blkid.c...

Replace GUESTFSD_EXT_CMD with a command line option ‘./guestfsd --print-external-commands’

...L)); rs->mounted = true; diff --git a/daemon/sleuthkit.c b/daemon/sleuthkit.c index bdbdb0f89..acda48bc9 100644 --- a/daemon/sleuthkit.c +++ b/daemon/sleuthkit.c @@ -31,9 +31,6 @@ static int send_command_output (const char *cmd); -GUESTFSD_EXT_CMD(str_icat, icat); -GUESTFSD_EXT_CMD(str_blkls, blkls); - int do_download_inode (const mountable_t *mountable, int64_t inode) { @@ -47,8 +44,8 @@ do_download_inode (const mountable_t *mountable, int64_t inode) } /* Construct the command. */ - ret = asprintf (&cmd, "%s -r %s %" PRIi64, - str_icat, mount...

This is a simpler patch that removes GUESTFSD_EXT_CMD completely.