libqcow Logo

libqcow

0
Free
Visit Website

libqcow is a library to access the QEMU Copy-On-Write (QCOW) image file format. It supports read-only operations for QCOW versions 1, 2, and 3, with features including zlib (DEFLATE) compression, AES-CBC 128-bit encryption, and backing file (differential image). Currently in alpha status, the library is licensed under LGPLv3+ and has some unsupported features like LUKS encryption, data file, and in-image snapshots. The project is working towards thread-safety in file API functions.

FEATURES

ALTERNATIVES

A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.

Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.

Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.

Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.

Malscan is a tool to scan process memory for YARA matches and execute Python scripts.

A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.

A powerful OSINT tool for creating custom templates for data extraction and analysis

Tool for analyzing Windows Recycle Bin INFO2 file