[Libguestfs] Libguestfs as filesystem forensic tool
Richard W.M. Jones
rjones at redhat.com
Wed Mar 2 16:24:25 UTC 2016
On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote:
> One of the patches I'm talking about would add TSK (The Sleuth Kit)
> as a dependency within the appliance.
>
> This would bring new APIs such as:
> 'fls' more powerful 'ls' command allowing to get list of deleted
> files or timelines at a given path.
> 'icat' similar to ntfscat-i but it supports multiple FS.
>
> Yet I'm not sure whether it's desirable as it is for a narrow use
> case and on my Debian box TSK is a 12Mb binary.
Yes that's a rather large dependency.
However it's possible to use optgroups ["optional" field in
generator/actions.ml] and subpackaging to mean that end users don't
need to install this dependency unless they want it.
Would need to see the patches before really deciding.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
More information about the Libguestfs
mailing list