[Libguestfs] [PATCH 0/2] blkls API to extract unallocated blocks
Matteo Cafasso
noxdafox at gmail.com
Wed Mar 16 21:09:22 UTC 2016
The blkls API downloads on the host a range of unallocated blocks on the virtual disk image.
This allows to recover deleted data on filesystems where icat fails.
Example:
guestfish --ro -a /home/noxdafox/ubuntu.qcow2
><fs> run
><fs> mount /dev/sda1 /
><fs> write /test.txt "$foo$bar$"
><fs> rm /test.txt
><fs> umount /
><fs> blkls /dev/sda1 0 8192 blocks.bin
$ strings -t d blocks.bin
516096 $foo$bar$
A more complete example can be found here:
http://wiki.sleuthkit.org/index.php?title=FS_Analysis
Matteo Cafasso (2):
added blkls API
added blkls API tests
daemon/tsk.c | 27 +++++++++++++++++++++++
generator/actions.ml | 19 ++++++++++++++++
src/MAX_PROC_NR | 2 +-
tests/tsk/Makefile.am | 3 ++-
tests/tsk/test-blkls.sh | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 107 insertions(+), 2 deletions(-)
create mode 100755 tests/tsk/test-blkls.sh
--
2.7.0
More information about the Libguestfs
mailing list