The blkls API downloads to the host a range of unallocated blocks from the virtual disk
image.
This allows recovering deleted data on filesystems where icat fails.

Example:

    $ guestfish --ro -a /home/noxdafox/ubuntu.qcow2
    ><fs> run
    ><fs> mount /dev/sda1 /
    ><fs> write /test.txt "$foo$bar$"
    ><fs> rm /test.txt
    ><fs> umount /
    ><fs> blkls /dev/sda1 0 8192 blocks.bin

    $ strings -t d blocks.bin
    516096 $foo$bar$

A more complete example can be found here:
http://wiki.sleuthkit.org/index.php?title=FS_Analysis

Matteo Cafasso (2):
  added blkls API
  added blkls API tests

 daemon/tsk.c            | 27 +++++++++++++++++++++++
 generator/actions.ml    | 19 ++++++++++++++++
 src/MAX_PROC_NR         |  2 +-
 tests/tsk/Makefile.am   |  3 ++-
 tests/tsk/test-blkls.sh | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 107 insertions(+), 2 deletions(-)
 create mode 100755 tests/tsk/test-blkls.sh

--
2.7.0