[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] Libguestfs question



On Wed, Mar 14, 2012 at 01:35:30PM +0100, Davide Barbato wrote:
> Sorry Richard, I'll explain.
> As the wikipedia page says[1], "*File carving* is the process of
> reassembling computer files from fragments in the absence of filesystem
> metadata <https://en.wikipedia.org/wiki/Filesystem#Metadata>. The carving
> process makes use of knowledge of common file structures, information
> contained in files, and
> heuristics<https://en.wikipedia.org/wiki/Heuristics#Computer_science>regarding
> how filesystems
> fragment <https://en.wikipedia.org/wiki/File_system_fragmentation> data.
> Fusing these three sources of information, a file carving system
> infers<https://en.wikipedia.org/wiki/Infer>which fragments belong
> together."

I see.  Libguestfs could be useful here because it can remove layers
of complexity -- such as partitions, LVs, encryption -- allowing a
file carving tool to work directly on the filesystem.  Such a tool
would have to be added to the API, and the only one I'm familiar with
(PhotoRec) is highly interactive and thus not really suitable as-is
for integrating with the libguestfs API.  If there is a file carving
tool which works as a library or non-interactive command line tool,
that would be better suited.

> I'm also interested in finding deleted files: I don't know how vmware
> handles filesystem inodes, and if I can recover deleted files.

VMware doesn't really have anything to do with it - the guest
operating system uses its normal method for deleting files, and those
can be recovered using ordinary tools (eg.  ext2undelete,
ntfsundelete).  You just need to add those tools into the libguestfs
API.  See this page for a guide to adding new APIs:

http://libguestfs.org/guestfs.3.html#extending_libguestfs

Actually ext2undelete and ntfsundelete are both on the todo list, and
have been for some time.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]