The blkls API downloads on the host a range of unallocated blocks on the virtual disk image. This allows to recover deleted data on filesystems where icat fails.
Example: guestfish --ro -a /home/noxdafox/ubuntu.qcow2 ><fs> run ><fs> mount /dev/sda1 / ><fs> write /test.txt "$foo$bar$" ><fs> rm /test.txt ><fs> umount / ><fs> blkls /dev/sda1 0 8192 blocks.bin $ strings -t d blocks.bin 516096 $foo$bar$ A more complete example can be found here: http://wiki.sleuthkit.org/index.php?title=FS_Analysis Matteo Cafasso (2): added blkls API added blkls API tests daemon/tsk.c | 27 +++++++++++++++++++++++ generator/actions.ml | 19 ++++++++++++++++ src/MAX_PROC_NR | 2 +- tests/tsk/Makefile.am | 3 ++- tests/tsk/test-blkls.sh | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 107 insertions(+), 2 deletions(-) create mode 100755 tests/tsk/test-blkls.sh -- 2.7.0 _______________________________________________ Libguestfs mailing list [email protected] https://www.redhat.com/mailman/listinfo/libguestfs
