[Libguestfs] Libguestfs as filesystem forensic tool

Richard W.M. Jones rjones at redhat.com
Wed Mar 2 16:24:25 UTC 2016


On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote:
> One of the patches I'm talking about would add TSK (The Sleuth Kit)
> as a dependency within the appliance.
> 
> This would bring new APIs such as:
>  'fls' more powerful 'ls' command allowing to get list of deleted
> files or timelines at a given path.
>  'icat' similar to ntfscat-i but it supports multiple FS.
> 
> Yet I'm not sure whether it's desirable as it is for a narrow use
> case and on my Debian box TSK is a 12Mb binary.

Yes that's a rather large dependency.

However it's possible to use optgroups ["optional" field in
generator/actions.ml] and subpackaging to mean that end users don't
need to install this dependency unless they want it.

Would need to see the patches before really deciding.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org




More information about the Libguestfs mailing list