Re: Read-only Guests for Anti-Forensics

On Sun, Jun 24, 2018 at 23:29:13 +0000, procmem wrote:
> Hello. I'm interested in running guests as read-only to turn them into a
> sort of virtualized "live-cd". The goal is to leave no forensic evidence
> on the host disk or virtual one which would lead to traces on the host
> still - similar to how TAILS works but with the added convenience and
> flexibility of running in a VM. If I set the qcow image to read-only as
> per the manual, will any changes made during a session be written to
> disk (or a transient file on disk)?

Filesystems such as ext4 require write access to the device so they can
play back the journal when mounting. This means that you have to allow
writes.

If you want to be sure that the writes don't touch any image, you need
to create an overlay qcow2 image which will catch the writes and dispose
of it after the VM is turned off.

Attachment: signature.asc
Description: PGP signature
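
The overlay approach described in the reply above, as an added example that is not part of the original message or of libvirt itself. It assumes qemu-img is installed; the function names, paths and the start-guest.sh wrapper are hypothetical.

```shell
#!/bin/sh
# Added example: disposable qcow2 overlay over an untouched base image.
# Assumes qemu-img is installed; function names and paths are hypothetical.

# make_overlay BASE DIR: create an empty overlay in DIR backed by BASE
# and print its path. Guest writes land in the overlay, never in BASE.
make_overlay() {
    base=$1; dir=$2
    [ -r "$base" ] || { echo "cannot read base image: $base" >&2; return 1; }
    ov=$(mktemp "$dir/overlay.XXXXXX") || return 1
    # -b names the backing file, -F its format. The path is made absolute
    # because a relative backing path is resolved from the overlay's directory.
    if ! qemu-img create -q -f qcow2 -b "$(realpath "$base")" -F qcow2 \
            "$ov" >/dev/null; then
        rm -f -- "$ov"; return 1
    fi
    printf '%s\n' "$ov"
}

# discard_overlay PATH: throw away everything the guest wrote.
discard_overlay() { rm -f -- "$1"; }

# with_overlay BASE DIR CMD...: run CMD with the overlay path appended as
# its last argument, then discard the overlay whatever CMD returned.
with_overlay() {
    wo_base=$1; wo_dir=$2; shift 2
    wo_ov=$(make_overlay "$wo_base" "$wo_dir") || return 1
    wo_rc=0
    "$@" "$wo_ov" || wo_rc=$?
    discard_overlay "$wo_ov"
    return "$wo_rc"
}

# Typical use (start-guest.sh is a hypothetical wrapper that boots the VM
# from the image path it is given and returns when the guest powers off):
#   with_overlay /var/lib/libvirt/images/base.qcow2 /var/tmp ./start-guest.sh
```

QEMU opens a backing file read-only in normal operation, so the base image can also be marked read-only on the host.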
