Difference between revisions of "Libewf"
Joachim Metz (Talk | contribs) |
Joachim Metz (Talk | contribs) |
||
| Line 3: | Line 3: | ||
maintainer = [[Joachim Metz]], [[David Loveall]] | | maintainer = [[Joachim Metz]], [[David Loveall]] | | ||
os = [[Linux]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], [[Windows]] | | os = [[Linux]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], [[Windows]] | | ||
| − | genre = [[ | + | genre = [[Disk imaging]] | |
license = [[LGPL]] | | license = [[LGPL]] | | ||
website = [http://libewf.sourceforge.net libewf.sourceforge.net] | | website = [http://libewf.sourceforge.net libewf.sourceforge.net] | | ||
Revision as of 06:14, 31 January 2009
| libewf | |
|---|---|
| Maintainer: | Joachim Metz, David Loveall |
| OS: | Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows |
| Genre: | Disk imaging |
| License: | LGPL |
| Website: | libewf.sourceforge.net |
The libewf package contains a Linux-based library and applications to read and write EnCase E0* and SMART s0* storage media bitstream copies. It has also been ported to other platforms such as FreeBSD, NetBSD, OpenBSD, Mac OS X and Windows.
History
Libewf was created by Joachim Metz in 2006, while working for Hoffmann Investigations.
Libewf is a rewrite of earlier work on the EnCase 4 file format by Michael Cohen, part of PyFlag, and of the Expert Witness Compression Format Specification by Andrew Rosen. It has been updated to read and write EnCase version 1 to 6 E01 files and SMART s01 files (EWF files). Libewf has initiated an Extended EWF (EWF-X) specification to bypass limitations on the format imposed by EnCase.
Currently, libewf partially supports the EnCase L01 format, but this functionality has been disabled.
In 2007 David Loveall contributed mount_ewf.py to the libewf project. This application allows the storage media data in the EWF files to be mounted through FUSE.
Tools
The libewf package contains the following tools:
- ewfacquire and ewfacquire, which write storage media data from a device handle to EWF files.
- ewfexport, which exports storage media data in a set of E01 or s01 files to raw (dd) format or a specific version of EWF files.
- ewfinfo, which shows the metadata in EWF files.
- ewfverify, which verifies the storage media data in EWF files.
- mount_ewf.py, which allows the storage media data in EWF files to be mounted.
Dennis Schreiber created a menu-based interface for ewfacquirestream called pyEWF. However, it currently seems not to be maintained.