Shujian Yang has written a tool called btrForensics, which can be used for performing Btrfs forensic analysis. Currently the tool has the following capability:

  1. Browse nodes derived from root tree and print information.
  2. Browse nodes in filesystem tree and print information.
  3. List all files in default filesystem tree.
  4. Explore files and subdirectories in default root directory.
  5. Switch to a subvolume or snapshot and explore files within.
  6. Read a file from image and save to current directory.

Check Shujian’s GitHub to learn more about the tool.

Load More Related Articles
Load More In Software

Leave a Reply

Your email address will not be published. Required fields are marked *