libqcow
libqcow is a library designed to access QEMU Copy-On-Write (QCOW) image file format for digital forensics and analysis purposes. The library provides read-only operations for QCOW versions 1, 2, and 3, enabling investigators to examine virtual machine disk images without modification. It supports zlib (DEFLATE) compression decompression, AES-CBC 128-bit encryption handling, and backing file (differential image) processing. Currently in alpha development status, the library operates under LGPLv3+ licensing. The project includes API functions for file access and is working towards thread-safety implementation. Some features remain unsupported including LUKS encryption, data file handling, and in-image snapshots. The library serves as a foundation for forensic tools that need to analyze QEMU virtual machine disk images in investigations.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.