Displaying 20 results from an estimated 3000 matches similar to: "Xen interfaces / hooks"
2013 Nov 22
5
Auditing a vm image - virt-diff - was: Read MBR and store in a file?
Thank you all for your suggestions!
Richard W.M. Jones:
> I keep meaning to write a comprehensive "virt-diff" tool. I needed it
> myself just yesterday.
Most interesting. I guess there are two reasons for creating such a
tool: just compare the images (show the diff) and/or check for malicious
additions in the other image.
Did you consider implementing the former or both?
Do
2005 Jun 04
1
Stupid --delete mistake
Hi, I've a nasty feeling I know the answer to this post, but I'm gonna ask
and pray anyway :-)
I just made a rather stupid commandline ordering error and managed to delete
a whole load of data (mostly word files/some pics fwiw) with rsync -delete.
I know, I'm an idiot (and a big one at that). To make matters worse this
was off an ext3 partition, which from what I can find out
2016 Mar 07
2
Re: [PATCH 2/3] added icat API to retrieve deleted or inaccessible files
Thanks, I have pushed this patch series.
Could you consider changing:
> + optional = Some "icat";
I think it would be nice to have a single feature, and to call the
feature "sleuthkit" or "forensics" or something like that. We don't
need to have one feature per API since installation of a single
package (sleuthkit) is sufficient to make all the APIs
2016 Mar 02
2
Libguestfs as filesystem forensic tool
Greetings,
I am playing around with the idea of using libguestfs as a forensic tool
to investigate VM disk images.
Some use cases as example:
* Sandbox for malware analysis.
* Incident response in cloud environments.
Libguestfs is a precious resource in this case as it allows to abstract
the disk image internals and expose them as mountable devices.
Combined with some state of the art
2016 Mar 07
4
[PATCH 0/3] added The Sleuth Kit and icat API for downloading inaccessible files
The Sleuth Kit is a filesystem forensic tool for accessing disk volumes and extracting digital evidence from them.
http://www.sleuthkit.org/
The icat API allows downloading a file from a device given its metadata number (inode). It supports multiple filesystem types.
The icat command allows access to otherwise unreachable files such as filesystem data structures and deleted files whose content is
2013 Jul 08
3
Problem with using Libvmi or xenaccess with xen
Hi all,
Can dom0 have enough privilege to access domU's kernel memory using Libvmi
functions?
Libvmi uses xenaccess functions in fact, and as it is a user space library
I'm asking this.
I wanna read system call table of domu through dom0.
Thanks
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
2016 Jul 17
4
[PATCH v2 0/2] Added download_blocks API
v2:
- Rebase on top of master
Matteo Cafasso (2):
New API: download_blocks
Added download_blocks API test
daemon/sleuthkit.c | 41 ++++++++++++++++++++++++++-
generator/actions.ml | 24 ++++++++++++++++
gobject/Makefile.inc | 2 ++
src/MAX_PROC_NR | 2 +-
tests/tsk/Makefile.am | 1 +
2019 Jan 07
1
can XFS filesystem recover rm'ed files?
Yes, I rm'ed the wrong directory. The disk has not been written to since,
now mounted ro. Is it possible to recover the files without doing forensics
on the whole partition? I know the UID and path. XFS is supposed to be
pretty amazing, can I get it to do this?
Thanks,
Dave
2016 Mar 06
5
[PATCH 0/2] added icat and fls0 APIs for deleted files recovery
As discussed in the topic: https://www.redhat.com/archives/libguestfs/2016-March/msg00018.html
I'd like to add to libguestfs the disk forensics capabilities offered by The Sleuth Kit.
http://www.sleuthkit.org/
The two APIs I'm adding with the patch are a simple example of which type of features TSK can enable.
The icat API is very similar to the previously added ntfscat_i but it
2012 Nov 12
10
Hypervisor to dom0 communication
Hello,
I'm interested in establishing a communication channel between the Xen
hypervisor and a dom0 userspace application. Ideally this would be a
2-way channel, with the hypervisor asynchronously notifying this
application, and then (for certain types of messages) wait for a reply
from the userspace consumer.
To this end, I've been reading xen-devel posts [1], read the
2004 Feb 15
6
Rooted system
Howdy all? Seems that I have been rooted. Possibly
by a physical B&E, but who knows? Probably some
of you do.... anyways, some politically sensitive
email was deleted from a user account and the
line
low -tr &
inserted into my .xinitrc .
Duncan (Dhu) Campbell
2011 May 05
3
converting save/dump output into physical memory image
A lot of people in the security community, myself included, are
interested in memory forensics these days. Virtualization is a natural
fit with memory forensics because it allows one to get access to a
guest's memory without having to introduce any extra software into the
guest or otherwise interfere with it. Incident responders are
particularly interested in getting memory dumps from
2010 Feb 24
1
Remove missing observations
Hi everyone
I have the following problem: My dataframe has 3 variables: ID, Year and
and an outcome variable. The dataframe contains repeated measurements
because the subjects filled out a questionnaire every year. The time span
covers 2 years.
Now I want to check if there is a significant change in the outcome over
the 2 years with a paired wilcox.test. The problem: Not every subject
2007 Oct 22
2
save as pdf
Hello,
I just wanted to save a graphic in the pdf-format. But it failed:
Fehler: Invalid font type
Zusätzlich: Warning messages:
1: font family not found in PostScript font database
2: font family not found in PostScript font database
I use R 2.6.0 with all packages updated recently.
Any idea?
Thank you very much!
Best,
Denis
__
Denis Aydin
mailto:Denis.Aydin at stud.unibas.ch
Montag, 22.
2010 Mar 19
2
hivexml - Flattened vs. Expanded XML
All,
Greetings. I am new to this mailing list.
We have been working with XML for digital forensics. One of the areas that we wish to create a schema for is the representation of registry entries.
We are interested in hivexml as a tool for extracting the registry as an XML representation.
In our discussion with possible users, we have generally come to the conclusion that it is useful to
2005 Oct 13
2
Possible bug: why is the owner of home-directory important?
Dear all,
I am trying to migrate one of our systems to dovecot. We were using uw-imapd in
black-box-mode before. Since the home-directory of a user is not unique per
definition on our systems, we have kind of a different setup.
As an example:
I got a user, let's say user1. Its home directory is
/local/web/websites/5850844095/www. This directory has the following
permissions:
# ls -la
2008 Jan 16
2
Own classes in "histogram"
Hi,
I try to make a histogram from a variable that contains the number of
shoots from about 1000 individuals from a specific plant species (the range is 1-110).
Those numbers are highly skewed to the right.
My question is: how can I make my own classes with the lattice
"histogram"?
I tried it with "breaks=c(0,5,10,15,20,25,110)" but my "25-110"-class is presented
2012 Nov 29
14
Mem_event API and MEM_EVENT_REASON_SINGLESTEP
Hello,
I'm interested in using the mem_event API (or its LibVMI wrapper), but
I'm interested in capturing write events anywhere in a domU guest's
memory, _and_ not just once for each page write, but every time a page
is being written to.
To this end, I've looked at the xen-access.c example, where at first all
the pages are being monitored:
2017 Feb 20
2
Re: [PATCH v3 0/7] Feature: Yara file scanning
2017-02-20 12:26 GMT+02:00 Daniel P. Berrange <berrange@redhat.com>:
> On Sun, Feb 19, 2017 at 07:09:51PM +0200, Matteo Cafasso wrote:
> > Rebase patches on top of 1.35.25.
> >
> > No changes since last series.
>
> Can you explain the motivation behind adding the APIs to libguestfs ?
>
> Since the libguestfs VM is separate from the real VM, it can't
>
2016 Aug 08
1
[PATCH] sleuthkit code cleanup
Small cosmetic changes.
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
---
daemon/sleuthkit.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/daemon/sleuthkit.c b/daemon/sleuthkit.c
index ce738e3..e642731 100644
--- a/daemon/sleuthkit.c
+++ b/daemon/sleuthkit.c
@@ -47,7 +47,8 @@ do_download_inode (const mountable_t *mountable, int64_t inode)
}
/*