Today I witnessed the birth of a major new feature of ZFS.
You’ll all find out about it in a few months, or so.
Couple of years, max.
🙂
by Alec Muffett
It’ll make the tea? 🙂
How does it support Electronic Discovery and forensic activities? How easy is it to dd a ZFS filesystem (at a basic level) to another set of hardware? Can it be dumped onto tape/DVD/BluRay?
I’m bouncing some ideas around with colleagues on this one; the short answer is that the forensics community will need to skill up on a different way of approaching “filesystem” forensics, but there are some features of ZFS which will be in a forensic analyst’s dreams, and others which will be in their nightmares.
With proper operational discipline, ZFS could be very wonderful from a security perspective.
As for “dd”, it’s best not to think about that. That’s for imaging traditional filesystems.
ZFS is a filesystem, but it is also a volume manager – but unlike LVM on Linux, on which you create volumes and then format them up as EXT3 (which explains Chris/JD’s question this weekend about “what filesystem does it use?”, answer: “ZFS”), in ZFS the two are totally hybridised together.
People working from a DD image will have their work cut out.