[Libguestfs] Libguestfs as filesystem forensic tool

Richard W.M. Jones rjones at redhat.com
Wed Mar 2 16:24:25 UTC 2016

On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote:
> One of the patches I'm talking about would add TSK (The Sleuth Kit)
> as a dependency within the appliance.
> This would bring new APIs such as:
>  'fls' more powerful 'ls' command allowing to get list of deleted
> files or timelines at a given path.
>  'icat' similar to ntfscat-i but it supports multiple FS.
> Yet I'm not sure whether it's desirable as it is for a narrow use
> case and on my Debian box TSK is a 12Mb binary.

Yes that's a rather large dependency.

However it's possible to use optgroups ["optional" field in
generator/actions.ml] and subpackaging to mean that end users don't
need to install this dependency unless they want it.

Would need to see the patches before really deciding.


Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org

More information about the Libguestfs mailing list