similar to: [PATCH] sleuthkit availability check renamed

Displaying 20 results from an estimated 500 matches similar to: "[PATCH] sleuthkit availability check renamed"

2016 Mar 29
2
[PATCH] renamed daemon/tsk.c to daemon/sleuthkit.c
In order to support the new features I am renaming the file with a better name. The file sleuthkit.c will contain the code depending on the sleuthkit package. The original tsk.c file will contain the logic built using libtsk which is the sleuthkit core library. This patch is ready for review. Code available at: https://github.com/noxdafox/libguestfs/tree/sleuthkit_rename Signed-off-by: Matteo
2016 Mar 29
0
[PATCH 1/2] rename icat API to download_inode
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- daemon/sleuthkit.c | 79 ++++++++++++++++++++++++++++------------------------ generator/actions.ml | 6 ++-- 2 files changed, 47 insertions(+), 38 deletions(-) diff --git a/daemon/sleuthkit.c b/daemon/sleuthkit.c index 0fe1250..536febb 100644 --- a/daemon/sleuthkit.c +++ b/daemon/sleuthkit.c @@ -29,55 +29,55 @@ #include
2016 Mar 06
0
[PATCH 1/2] added icat and fls0 APIs
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- appliance/packagelist.in | 3 ++ daemon/Makefile.am | 1 + daemon/tsk.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++ generator/actions.ml | 33 +++++++++++++ po/POTFILES | 1 + src/MAX_PROC_NR | 2 +- 6 files changed, 161 insertions(+), 1 deletion(-) create mode 100644
2016 Mar 30
0
[PATCH 1/3] Rename icat command in download_inode
The "icat" name comes from the employed command line tool which might be replaced at any time with a different implementation. The command name is a bit confusing because it's similar to "cat" but acts as "download". download_inode is more clear and descriptive. Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- daemon/sleuthkit.c | 2
2016 Mar 07
0
[PATCH 2/3] added icat API to retrieve deleted or inaccessible files
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- daemon/Makefile.am | 1 + daemon/tsk.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++ generator/actions.ml | 13 ++++++ po/POTFILES | 1 + src/MAX_PROC_NR | 2 +- 5 files changed, 130 insertions(+), 1 deletion(-) create mode 100644 daemon/tsk.c diff --git a/daemon/Makefile.am
2016 Mar 07
4
[PATCH 0/3] added The Sleuth Kit and icat API for downloading inaccessible files
The Sleuth Kit is a filesystem forensic tool for accessing disk volumes and extracting digital evidence from. http://www.sleuthkit.org/ The icat API allows to download a file from a device given its metadata number (inode). It supports multiple filesystem types. The icat command allows to access to otherwise unreachable files such as filesystem data structures and deleted files which content is
2016 Mar 30
4
[PATCH 0/3] rename icat API into download_inode
The command name is a bit confusing because it's similar to "cat" but acts as "download". Therefore I am renaming it with a more clear name. At the same go I cleaned up a bit the code following the standards and improved the API documentation. This patch is ready for review. Code available at: https://github.com/noxdafox/libguestfs/tree/download_inode Matteo Cafasso (3):
2016 Mar 29
3
[PATCH 0/2] rename icat API as download_inode
"icat" name comes from the employed command line tool which might be replaced later on with a different implementation. The command name is a bit confusing because it's similar to "cat" but acts as "download". Therefore I am renaming it with a more clear name. At the same time I cleaned up a bit the code and improved its readability and code comments. This
2016 Mar 22
0
[PATCH v2] added find_inode API
Renamed ffind API to find_inode. Renamed tsknode struct to tsk_node. Changed struct field from int64 to uint64. As pointed out on IRC it would be better to agree on some naming convention. One option would be to prefix all the forensics APIs with tsk_ as TSK (The Sleuth Kit) is the main tool used for implementing them. Other option could be giving generic names allowing us to change underlying
2016 Mar 07
0
Re: [PATCH 2/3] added icat API to retrieve deleted or inaccessible files
On 07/03/16 21:45, Richard W.M. Jones wrote: > Thanks, I have pushed this patch series. > > Could you consider changing: > >> + optional = Some "icat"; > I think it would be nice to have a single feature, and to call the > feature "sleuthkit" or "forensics" or something like that. We don't > need to have one feature per API since
2016 Mar 06
5
[PATCH 0/2] added icat and fls0 APIs for deleted files recovery
As discussed in the topic: https://www.redhat.com/archives/libguestfs/2016-March/msg00018.html I'd like to add to libguestfs the disk forensics capabilities offered by The Sleuth Kit. http://www.sleuthkit.org/ The two APIs I'm adding with the patch are a simple example of which type of features TSK can enable. The icat API is very similar to the previously added ntfscat_i but it
2016 Mar 07
2
Re: [PATCH 2/3] added icat API to retrieve deleted or inaccessible files
Thanks, I have pushed this patch series. Could you consider changing: > + optional = Some "icat"; I think it would be nice to have a single feature, and to call the feature "sleuthkit" or "forensics" or something like that. We don't need to have one feature per API since installation of a single package (sleuthkit) is sufficient to make all the APIs
2016 Aug 08
1
[PATCH] sleuthkit code cleanup
Small cosmetic changes. Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- daemon/sleuthkit.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/daemon/sleuthkit.c b/daemon/sleuthkit.c index ce738e3..e642731 100644 --- a/daemon/sleuthkit.c +++ b/daemon/sleuthkit.c @@ -47,7 +47,8 @@ do_download_inode (const mountable_t *mountable, int64_t inode) } /*
2016 Mar 07
2
Re: [PATCH 0/2] added icat and fls0 APIs for deleted files recovery
On 07/03/16 13:29, Richard W.M. Jones wrote: > On Sun, Mar 06, 2016 at 05:42:24PM +0200, Matteo Cafasso wrote: >> As discussed in the topic: https://www.redhat.com/archives/libguestfs/2016-March/msg00018.html >> >> I'd like to add to libguestfs the disk forensics capabilities offered by The Sleuth Kit. >> http://www.sleuthkit.org/ >> >> The two APIs
2016 Mar 07
0
Re: [PATCH 0/2] added icat and fls0 APIs for deleted files recovery
On Sun, Mar 06, 2016 at 05:42:24PM +0200, Matteo Cafasso wrote: > As discussed in the topic: https://www.redhat.com/archives/libguestfs/2016-March/msg00018.html > > I'd like to add to libguestfs the disk forensics capabilities offered by The Sleuth Kit. > http://www.sleuthkit.org/ > > The two APIs I'm adding with the patch are a simple example of which type of features
2016 Mar 30
0
Re: [PATCH] renamed daemon/tsk.c to daemon/sleuthkit.c
On Tuesday 29 March 2016 22:56:29 Matteo Cafasso wrote: > In order to support the new features I am renaming the file with a better name. > > The file sleuthkit.c will contain the code depending on the sleuthkit package. > > The original tsk.c file will contain the logic built using libtsk > which is the sleuthkit core library. Makes sense, pushed to git with two small
2016 Mar 14
2
[PATCH 0/2] blkcat API to extract device data units
blkcat allows to extract files given their data units (clusters for NTFS, fragments for ExtX). This API allows to recover files which icat cannot. For example icat often fails retrieving deleted files on Ext3/Ext4 filesystems. As this API works at data unit level, some garbage at the beginning or at the end of the files is expected. An example of blkcat can be found here:
2016 Mar 02
2
Re: Libguestfs as filesystem forensic tool
On 02/03/16 17:53, Richard W.M. Jones wrote: > On Wed, Mar 02, 2016 at 05:47:40PM +0200, noxdafox wrote: >> Greetings, >> >> I am playing around with the idea of using libguestfs as a forensic >> tool to investigate VM disk images. >> >> Some use cases as example: >> * Sandbox for malware analysis. >> * Incident response in cloud environments.
2016 Mar 16
2
[PATCH 0/2] blkls API to extract unallocated blocks
The blkls API downloads on the host a range of unallocated blocks on the virtual disk image. This allows to recover deleted data on filesystems where icat fails. Example: guestfish --ro -a /home/noxdafox/ubuntu.qcow2 ><fs> run ><fs> mount /dev/sda1 / ><fs> write /test.txt "$foo$bar$" ><fs> rm /test.txt ><fs> umount / ><fs> blkls
2016 Mar 07
0
Re: [PATCH 0/2] added icat and fls0 APIs for deleted files recovery
On Mon, Mar 07, 2016 at 08:14:41PM +0200, noxdafox wrote: > As the API documentation says, this is the low level API which I > have provided as an example. > > I took inspiration from the guestfs_ls0 API which does a similar job > storing the content of a directory onto a host file. > > If I understood correctly (the dynamic code generation is still > confusing me a bit),