Difference between pages "Excel Spreadsheet (XLSX)" and "Libewf"
Joachim Metz (Talk | contribs) |
|||
| Line 1: | Line 1: | ||
| − | + | {{Infobox_Software | | |
| − | + | name = libewf | | |
| + | maintainer = [[Joachim Metz]], [[David Loveall]] | | ||
| + | os = [[Linux]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], [[Windows]] | | ||
| + | genre = {{Disk imaging}} | | ||
| + | license = {{LGPL}} | | ||
| + | website = [http://libewf.sourceforge.net libewf.sourceforge.net] | | ||
| + | }} | ||
| − | + | The '''libewf''' package contains [[Linux]] based library and applications to read and write EnCase E0* and SMART s0* storage media bitstream copies. | |
| − | + | It has been ported to other platforms like [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], and [[Windows]] as well. | |
| − | + | == History == | |
| − | + | Libewf was created by [[Joachim Metz]] in 2006, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations]. | |
| − | [[ | + | Libewf is a rewrite of earlier work on the EnCase 4 file format by [[Michael Cohen]] part of [[PyFlag]] and the [http://www.asrdata.com/SMART/whitepaper.html Expert Witness Compression Format Specification] by [[Andrew Rosen]]. It has been updated to read and write EnCase version 1 to 6 E01 files and SMART s01 files (EWF files). Libewf has initiated an Extended EWF (EWF-X) specifications to bypass limitations on the format imposed by EnCase. |
| − | [[ | + | |
| − | [[ | + | Currently libewf partially supports the EnCase L01 format but this functionality has been disabled. |
| + | |||
| + | In 2007 [[David Loveall]] contributed mount_ewf.py to the libewf project. This application allows a [[fuse]] based mount of the storage media data in the EWF files to be mounted. | ||
| + | |||
| + | == Tools == | ||
| + | The '''libewf''' package contains the following tools: | ||
| + | * '''ewfacquire''' and '''ewfacquire''', which writes storage media data from a device handle EWF files. | ||
| + | * '''ewfexport''', which exports storage media data in a set of E01 or s01 files to raw (dd) format or a specific version of EWF files. | ||
| + | * '''ewfinfo''', which shows the metadata in EWF files. | ||
| + | * '''ewfverify''', which verifies the storage media data in EWF files. | ||
| + | * '''mount_ewf.py''', which allows the storage media data in a EWF files to be mounted. | ||
| + | |||
| + | [[Dennis Schreiber]] created a menu based interface for ewfacquirestream called pyEWF. However this seems currently not to be maintained. | ||
| + | |||
| + | == Examples == | ||
| + | |||
| + | Imaging a device on a Unix-based system: | ||
| + | <pre> | ||
| + | ewfacquire /dev/sda | ||
| + | </pre> | ||
| + | |||
| + | Imaging a device on a Windows system: | ||
| + | <pre> | ||
| + | ewfacquire \\.\PhysicalDrive0 | ||
| + | </pre> | ||
| + | |||
| + | Converting a split RAW into an EWF image | ||
| + | <pre> | ||
| + | ewfacquire split.raw.??? | ||
| + | </pre> | ||
| + | |||
| + | or | ||
| + | |||
| + | <pre> | ||
| + | cat split.raw.??? | ewfacquirestream | ||
| + | </pre> | ||
| + | |||
| + | Converting an EWF into another EWF format or a (split) RAW image | ||
| + | <pre> | ||
| + | ewfexport image.E01 | ||
| + | </pre> | ||
| + | |||
| + | == External Links == | ||
| + | |||
| + | * [http://libewf.sourceforge.net libewf project site] | ||
| + | * [https://www.uitwisselplatform.nl/projects/libewf/ old libewf project site] | ||
Revision as of 11:27, 13 October 2010
| libewf | |
|---|---|
| Maintainer: | Joachim Metz, David Loveall |
| OS: | Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows |
| Genre: | Disk imaging |
| License: | LGPL |
| Website: | libewf.sourceforge.net |
The libewf package contains Linux based library and applications to read and write EnCase E0* and SMART s0* storage media bitstream copies.
It has been ported to other platforms like FreeBSD, NetBSD, OpenBSD, Mac OS X, and Windows as well.
Contents |
History
Libewf was created by Joachim Metz in 2006, while working for Hoffmann Investigations.
Libewf is a rewrite of earlier work on the EnCase 4 file format by Michael Cohen part of PyFlag and the Expert Witness Compression Format Specification by Andrew Rosen. It has been updated to read and write EnCase version 1 to 6 E01 files and SMART s01 files (EWF files). Libewf has initiated an Extended EWF (EWF-X) specifications to bypass limitations on the format imposed by EnCase.
Currently libewf partially supports the EnCase L01 format but this functionality has been disabled.
In 2007 David Loveall contributed mount_ewf.py to the libewf project. This application allows a fuse based mount of the storage media data in the EWF files to be mounted.
Tools
The libewf package contains the following tools:
- ewfacquire and ewfacquire, which writes storage media data from a device handle EWF files.
- ewfexport, which exports storage media data in a set of E01 or s01 files to raw (dd) format or a specific version of EWF files.
- ewfinfo, which shows the metadata in EWF files.
- ewfverify, which verifies the storage media data in EWF files.
- mount_ewf.py, which allows the storage media data in a EWF files to be mounted.
Dennis Schreiber created a menu based interface for ewfacquirestream called pyEWF. However this seems currently not to be maintained.
Examples
Imaging a device on a Unix-based system:
ewfacquire /dev/sda
Imaging a device on a Windows system:
ewfacquire \\.\PhysicalDrive0
Converting a split RAW into an EWF image
ewfacquire split.raw.???
or
cat split.raw.??? | ewfacquirestream
Converting an EWF into another EWF format or a (split) RAW image
ewfexport image.E01
