@hal_pomeranz Are you seeing much forensics with systems using btrfs?
1
Replying to @v3rtig0
No, not at this time. This is a good thing since there isn’t good forensic tool support right now.

Jun 23, 2021 · 8:51 PM UTC

1
1
Replying to @hal_pomeranz
Yeah, we’ve started bouncing our heads (and our tools) against it. The file systems show up as remotely mounted. Very bizarre.
1
I’ve had some success using xfs-dbg as a forensic tool on XFS. Maybe BTRFS has an equivalent dev tool?
1
1
more replies