@hal_pomeranz Are you seeing much forensics with systems using btrfs?
No, not at this time. This is a good thing since there isn’t good forensic tool support right now.
Yeah, we’ve started bouncing our heads (and our tools) against it. The file systems show up as remotely mounted. Very bizarre.
Replying to @v3rtig0
I’ve had some success using xfs-dbg as a forensic tool on XFS. Maybe BTRFS has an equivalent dev tool?

Jun 24, 2021 · 12:01 AM UTC
