Difference between pages "Linux Repositories" and "QCOW Image Format"

Latest revision as of 06:51, 28 April 2013

QEMU uses the QEMU Copy-On-Write (QCOW) files to store a disk image.

[edit] MIME types

[edit] File signature

QCOW files start with hexadecimal: 0x51 0x46 0x49 0xfb (ASCII: "QFI.")

[edit] File types

Currently there two are versions of the QCOW format; version 1 and 2. Version 2 is the preferred format.

[edit] Contents

The QCOW format is used to store storage media data, e.g. disk images.

The QCOW image file consists of:

the file header
the L1 table (cluster aligned)
the reference count table (cluster aligned)
reference count blocks
snapshot headers (8-byte aligned on cluster boundary)
clusters containing:
- L2 tables
- storage media data

The clusters are 512 bytes of size

[edit] Encryption

The QCOW2 format supports optional AES encryption

[edit] See Also

Disk Images

[edit] External Links

The QCOW Image Format, by Mark McLoughlin, June 2006
The QCOW2 Image Format, by Mark McLoughlin, September 2008
QEMU Copy-On-Write file format, by the libqcow project, December 2010

@@ Line 1: / Line 1: @@
+[[QEMU]] uses the '''QEMU Copy-On-Write (QCOW)''' files to store a disk image.
-There are a number of linux distributions.
+== MIME types ==
-In general they have primary repositories which are setup for every installation of the operating system and they have special purpose repositories which require specific setup.
+== File signature ==
+QCOW files start with hexadecimal: 0x51 0x46 0x49 0xfb (ASCII: "QFI.")
-=Repository Setup=
+== File types ==
-==openSUSE==
+Currently there two are versions of the QCOW format; version 1 and 2. Version 2 is the preferred format.
-For current openSUSE 11.4 and 12.1 users it is necessary to have the following repositories configured:
-*security
+== Contents ==
-*devel:languages:perl
+The QCOW format is used to store storage media data, e.g. disk images.
-*devel:languages:python
-This is most easily done from the command line via (assumes openSUSE 12.1):
+The QCOW image file consists of:
+* the file header
+* the L1 table (cluster aligned)
+* the reference count table (cluster aligned)
+* reference count blocks
+* snapshot headers (8-byte aligned on cluster boundary)
+* clusters containing:
+** L2 tables
+** storage media data
- sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/security/openSUSE_12.1</nowiki> security
+The clusters are 512 bytes of size
- sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/perl</nowiki>/openSUSE_12.1 perl
- sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1</nowiki> python
- zypper lr  <nowiki>           </nowiki>  # used to verify you have the repos installed
-==fedora==
+== Encryption ==
+The QCOW2 format supports optional AES encryption
-[http://www.cert.org/forensics/tools/ CERT] maintains a fedora security repository with a large number of DFIR applicaitons.
+== See Also ==
+* [[Disk Images]]
-==debian==
+== External Links ==
-==ubuntu==
-=Computer Forensic Tools=
+* [http://people.gnome.org/~markmc/qcow-image-format-version-1.html The QCOW Image Format], by [[Mark McLoughlin]], June 2006
-Below is a list of computer forensic tools.  For each tool the repository it can be found in and the version in the repository is shown.
+* [http://people.gnome.org/~markmc/qcow-image-format.html The QCOW2 Image Format], by [[Mark McLoughlin]], September 2008
+* [https://code.google.com/p/libqcow/downloads/detail?name=QEMU%20Copy-On-Write%20file%20format.pdf QEMU Copy-On-Write file format], by the [[libqcow|libqcow project]], December 2010
-As an example, aimage is in the openSUSE security repository and it is version 3.2.5
+[[Category:File Formats]]
-==Imaging Tools==
-{|border="1" cellpadding="2" cellspacing="0" {{repository table}}
-|-
-|rowspan=1| '''Tool'''
-|'''openSUSE'''
-|'''fedora'''
-|'''debian'''
-|'''ubuntu'''
-|'''comment'''
-|'''General Remarks'''
-|-
-|rowspan=1| [http://www.e-fense.com/helix/ adepto]
-|N/A <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|  <!-- comment -->
-|adepto is included in the helix boot cd<!-- General Remarks -->
-|-
-|rowspan=1| [[aimage]]
-|security/3.2.5 <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|a imaging tool to create aff format images   <!-- comment -->
-|aimage has been EOL'ed.  guymager or ftkimager (windows/mac) are recommended for creating aff images. <!-- General Remarks -->
-|-
-|rowspan=1| [[AIR]]
-|N/A <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|Automated Image and Restore   <!-- comment -->
-|a GUI front-end to dd and dc3dd designed for easily creating forensic bit images <!-- General Remarks -->
-|-
-|rowspan=1| [[dc3dd]]
-|security*/7.1.614 <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|DoD Cyber Crime Center DD  <!-- comment -->
-|This tool was formerly known as dcfldd.  When released as dc3dd it was totally rewritten. <!-- General Remarks -->
-|-
-|rowspan=1| [[ddrescue]]
-|Base/1.14 <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|Also known as GNU ddrescue<!-- comment -->
-|This tool is different than dd_rescue.
-|-
-|rowspan=1| [[dd_rescue]]
-|N/A <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|<!-- comment -->
-|This tool is different than GNU ddrescue.
-|-
-|rowspan=1| [[IXimager]]
-|N/A <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|A law enforcement only imager<!-- comment -->
-|used in conjunction with ILook Investigator
-|-
-|rowspan=1| [[libewf|ewfacquire]]
-|security*/20100226 <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|a imaging tool to create ewf format images   <!-- comment -->
-|ewfacquire is part of ewftools in some distributions.<!-- General Remarks -->
-|-
-|rowspan=1| [[LinEn]]
-|N/A <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|a proprietary imaging tool to create ewf format images   <!-- comment -->
-|included on the Helix boot CD<!-- General Remarks -->
-|-
-|rowspan=1| [[guymager]]
-|N/A<!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|a imaging tool to create aff format images   <!-- comment -->
-|Guymager is an open source forensic imager. It focuses on user friendliness and high speed.  <!-- General Remarks -->
-|-
-|rowspan=1| [http://sourceforge.net/projects/rdd rdd]
-|N/A <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|a dd-like tool, with forensic imaging features  <!-- comment -->
-|Rdd is robust with respect to read errors<!-- General Remarks -->
-|-
-|rowspan=1| [ftp://ftp.berlios.de/pub/sdd/ sdd]
-|Archiving:Backup/1.52 <!-- opensuse -->
-|?              <!-- fedora-->
-|?              <!-- debian-->
-|?              <!-- ubuntu-->
-|a dd-like tool<!-- comment -->
-|Designed to work well when IBS != OBS.  Working with tape is an example.<!-- General Remarks -->
-|}
-*package will appear in the base release with the next full distribution release.

Difference between pages "Linux Repositories" and "QCOW Image Format"

Latest revision as of 06:51, 28 April 2013

Contents

[edit] MIME types

[edit] File signature

[edit] File types

[edit] Contents

[edit] Encryption

[edit] See Also

[edit] External Links

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation:

About forensicswiki.org:

Toolbox