Erik Schamper

Internally we have this already, but it needs a real big polish before it's suitable for open-source! Edit: I only saw #1347 after this issue. Perhaps we can contribute some...

While possible, ASDF is the desired solution for this since it will also work on all other filesystems (i.e. Linux systems).

> It seems some NamespacePlugins would be skipped entirely with this approach: NamespacePlugins without further inheritance, such as the `mft` plugin, which is of course not acceptable. This is a...

If we implement `SEEK_HOLE` in `AlignedStream` we can have a common implementation here and a specific implementation in `MappingStream`.

> I am wondering why we do not map "find the needle" over (adjacent) disk regions of interest, instead of creating a single stream for each disk? Sounds like more...

After some ~soul searching~ thinking this is actually a bug in the scrape plugin: https://github.com/fox-it/dissect.target/blob/95cade3d1f4934d3cd58f499cdf6219240e1db36/dissect/target/plugins/scrape/scrape.py#L103-L106 It can happen when we remove a volume for scraping (i.e. when it's part of...

> How would you propose we implement that in qfind? I guess `find_needles` could have a special case for when `isinstance(fh, MappingStream)` and skip gaps? https://github.com/fox-it/dissect.target/blob/9058c704fa8b1b0cedb0633109bf7de5b15c9573/dissect/target/helpers/scrape.py#L18

@JSCU-CNI I've made some changes, let me know if this works in line with how you would expect this to work. I've made it so that wildcarding will only pick...