[Libguestfs] [libguestfs] Libguestfs as filesystem forensic tool
noxdafox
noxdafox at gmail.com
Wed Mar 2 15:47:40 UTC 2016
Greetings,
I am playing around with the idea of using libguestfs as a forensic tool
to investigate VM disk images.
Some use cases as example:
* Sandbox for malware analysis.
* Incident response in cloud environments.
Libguestfs is a precious resource in this case as it allows to abstract
the disk image internals and expose them as mountable devices.
Combined with some state of the art tool such as The Sleuth Kit it would
turn it into a pretty powerful forensic tool.
http://www.sleuthkit.org/
I played around with some proof-of-concept and the idea seems to work.
The question I'd like to ask is if this feature would interest the
libguestfs community or if I shall fork the project (libguestforensic?)
and, if so, what is the preferable way to do it.
Thank you.
More information about the Libguestfs
mailing list