Kvm-qemu interesting secondary functions

I would just like to increase awareness of some of the secondary functions of kvm-qemu. Also my way of saying thank you for the growth of my own skillset from being a member of this community.

Please reply and list more!

  1. Data Recovery - qemu-img appears to do binary level conversion while saving zero space as pattern representation. For example, in a PtoV NTFS volume, deleted inodes are preserved yet the output image does not represent 1 for 1 zero space. Effectively these images can be used for deleted data recovery, while not requiring the same size as the original physical medium. Once mounted as a local block device, data recovery by utilities such as ntfsundelete works normally. Perhaps a poor man’s forensic imaging tool?

  2. Customer machine becomes network block device. qemu-nbd is also amazing. You can PXE boot a customer machine into live Linux, use all the RAM as tmpfs for a qcow write layer, and source the customer’s own hard drive as an NBD in read-only. Niche use case though, and I’ve only done this about 4 odd times. But all Windows 10 experiments worked. Was able to boot the customer’s operating system on my bench machine without writing anything to the customer’s hard drive. Possible uses? Super niche.

  3. Re-image. Most shops keep Windows baselines in virtual machine format. Keep your baselines in kvm-qemu, then you typically: snapshot, sysprep, qemu-img convert back to physical, and reboot. Don’t forget to roll back sysprep by discarding the last snapshot. A customer’s machine is live booted, connecting back to the kvm-qemu virtual hard drive store, with gigabit Ethernet and the qcow to physical conversion happening on the host machine. This typically works much faster than conventional wimboot imaging over Samba. And much less of a PITA to keep up to date. Still a headache when you need driver injection though.

I’d be happy to share my Debian live configs and live boot images that make this work. Though credit where credit is due, it’s mostly from adapting Will Haley’s work from custom live Debian, emulation of Wendell’s physical to virtual work, and lots of forum crawling over at ipxe.org.

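The property described in item 1 (zero runs are not stored, yet every non-zero block, including residue of deleted files, survives) can be checked with a hash comparison. The following is an added example, not part of the original post and not qemu-img's own algorithm; the 4096-byte block size, the file names and the sample image contents are constructed assumptions.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # assumed granularity for zero detection


def sparse_copy(src_path, dst_path, block=BLOCK):
    """Copy src to dst, seeking over all-zero blocks instead of writing them.
    Returns (blocks_written, blocks_skipped)."""
    written = skipped = 0
    zero = bytes(block)
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        while chunk := src.read(block):
            if chunk == zero[:len(chunk)]:
                dst.seek(len(chunk), os.SEEK_CUR)  # leave a hole, store nothing
                skipped += 1
            else:
                dst.write(chunk)  # non-zero data is copied byte for byte
                written += 1
        dst.truncate(src.tell())  # keep the logical size if the tail was zeros
    return written, skipped


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_sample_image(path, blocks=256):
    """Constructed sample: mostly zeros, one live file, one deleted-file residue."""
    with open(path, "wb") as f:
        f.truncate(blocks * BLOCK)
        f.seek(10 * BLOCK)
        f.write(b"LIVE-FILE-DATA" * 100)
        f.seek(200 * BLOCK + 17)
        f.write(b"DELETED-FILE-RESIDUE")  # unreferenced data, still on "disk"


def demo():
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "disk.raw"), os.path.join(d, "image.raw")
        build_sample_image(src)
        written, skipped = sparse_copy(src, dst)
        same_hash = sha256(src) == sha256(dst)  # logical content is identical
        with open(dst, "rb") as f:
            residue_kept = b"DELETED-FILE-RESIDUE" in f.read()
        return written, skipped, same_hash, residue_kept
```

Recording the SHA-256 of the source device next to the image gives a later check that the logical content was not altered, regardless of how little space the image occupies.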