Difference between revisions of "Libewf"

From ForensicsWiki
m (Ewftools moved to Libewf)
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = ewftools |
+
   name = libewf |
 
   maintainer = [[Joachim Metz]], [[David Loveall]] |
 
   maintainer = [[Joachim Metz]], [[David Loveall]] |
   os = {{Linux | BSD | MacOS-X | Windows}} |
+
   os = {{Linux | FreeBSD | NetBSD | OpenBSD | Mac OS X | Windows}} |
 
   genre = [[File type support]] |
 
   genre = [[File type support]] |
 
   license = {{LGPL}} |
 
   license = {{LGPL}} |
Line 8: Line 8:
 
}}
 
}}
  
The '''ewftools''' are a [[Linux]] based programs to read and write EnCase E01 and SMART s01 bitstream copies of storage media. It has been ported to other platforms like *BSD, MacOS-X and Windows as well.
+
The '''libewf''' package contains [[Linux]] based library and applications to read and write EnCase E0* and SMART s0* storage media bitstream copies.
 +
It has been ported to other platforms like [[FreeBSD]] [[NetBSD]] [[OpenBSD]] [[Mac OS X]] and [[Windows]] as well.
  
 
== History ==  
 
== History ==  
  
The ewftools were developed by [[Joachim Metz]] while working for [[Hoffmann Investigations]].  
+
Libewf was created by [[Joachim Metz]] in 2006, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
  
The ewftools are part of libewf package which was created in 2006.
+
Libewf is a rewrite of earlier work on the EnCase 4 file format by [[Michael Cohen]] part of [[PyFlag]] and the [http://www.asrdata.com/SMART/whitepaper.html Expert Witness Compression Format Specification] by [Andrew Rosen]. It has been updated to read and write EnCase version 1 to 6 E01 files and SMART s01 files (EWF files). Libewf has initiated an Extended EWF (EWF-X) specifications to bypass limitations on the format imposed by EnCase.
Libewf is a rewrite of earlier work on the EnCase 4 file format by [[Michael Cohen]] part of [[PyFlag]] and the [http://www.asrdata.com/SMART/whitepaper.html Expert Witness Compression Format Specification] by [Andrew Rosen]. It has been updated to read and write EnCase 1 to 6 E01 files and SMART s01 files. Libewf has initiated an Extended EWF (EWF-X) specifications to bypass limitations on the format imposed by EnCase.
+
  
 
Currently libewf partially supports the EnCase L01 format but this functionality has been disabled.
 
Currently libewf partially supports the EnCase L01 format but this functionality has been disabled.
 +
 +
In 2007 [[David Loveall]] contributed mount_ewf.py to the libewf project. This application allows a [[fuse]] based mount of the storage media data in the EWF files to be mounted.
  
 
== Tools ==  
 
== Tools ==  
The ewftools consists of:
+
The '''libewf''' package contains the following tools:
* '''ewfacquire''' and '''ewfacquire''' , which writes storage media data from a device handle to a set of E01 or s01 files.
+
* '''ewfacquire''' and '''ewfacquire''' , which writes storage media data from a device handle EWF files.
* '''ewfexport''', which exports storage media data in a set of E01 or s01 files to raw (dd) format or a specific version of E01 or s01 files.
+
* '''ewfexport''', which exports storage media data in a set of E01 or s01 files to raw (dd) format or a specific version of EWF files.
* '''ewfinfo''', which shows the metadata in a set of E01 or s01 files.
+
* '''ewfinfo''', which shows the metadata in EWF files.
* '''ewfverify''', which verifies the storage media data in a set of E01 or s01 files.
+
* '''ewfverify''', which verifies the storage media data in EWF files.
* '''mount_ewf.py''', which allows the storage media data in a set of E01 or s01 files to be mounted.
+
* '''mount_ewf.py''', which allows the storage media data in a EWF files to be mounted.
 +
 
 +
[[Dennis Schreiber]] created a menu based interface for ewfacquirestream called pyEWF. However this seems currently not to be maintained.
  
 
== External Links ==
 
== External Links ==
  
 
* [http://libewf.sourceforge.net libewf project site]
 
* [http://libewf.sourceforge.net libewf project site]
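Review bot: In the Tools list the rewritten first bullet still names '''ewfacquire''' twice and now reads "from a device handle EWF files", dropping the "to" the old line had. The second name looks like it should be a different tool (ewfacquirestream is mentioned in the added pyEWF paragraph), and the mount_ewf.py bullet's "in a EWF files" should lose the article. In History, [Andrew Rosen] uses single brackets, so it will render as literal bracketed text rather than a wiki link. The added mount_ewf.py sentence also says "mount" twice ("allows a [[fuse]] based mount ... to be mounted") and could be shortened.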

Revision as of 06:08, 31 January 2009

libewf
Maintainer: Joachim Metz, David Loveall
OS: Linux
Genre: File type support
License: LGPL
Website: libewf.sourceforge.net

The libewf package contains a Linux-based library and applications to read and write EnCase E0* and SMART s0* storage media bitstream copies. It has also been ported to other platforms such as FreeBSD, NetBSD, OpenBSD, Mac OS X and Windows.

History

Libewf was created by Joachim Metz in 2006, while working for Hoffmann Investigations.

Libewf is a rewrite of earlier work on the EnCase 4 file format by Michael Cohen, part of PyFlag, and the Expert Witness Compression Format Specification by Andrew Rosen. It has been updated to read and write EnCase version 1 to 6 E01 files and SMART s01 files (EWF files). Libewf has initiated an Extended EWF (EWF-X) specification to bypass limitations on the format imposed by EnCase.

Currently libewf partially supports the EnCase L01 format but this functionality has been disabled.

In 2007 David Loveall contributed mount_ewf.py to the libewf project. This application allows the storage media data in the EWF files to be mounted through a FUSE-based mount.

Tools

The libewf package contains the following tools:

  • ewfacquire and ewfacquirestream, which write storage media data from a device handle to EWF files.
  • ewfexport, which exports storage media data in a set of E01 or s01 files to raw (dd) format or a specific version of EWF files.
  • ewfinfo, which shows the metadata in EWF files.
  • ewfverify, which verifies the storage media data in EWF files.
  • mount_ewf.py, which allows the storage media data in EWF files to be mounted.

Dennis Schreiber created a menu-based interface for ewfacquirestream called pyEWF. However, it currently does not seem to be maintained.

External Links