Difference between pages "Libewf" and "Libpff"

Revision as of 05:41, 29 July 2012

libpff
Maintainer:	Joachim Metz
OS:	Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre:	Analysis
License:	LGPL
Website:	code.google.com/p/libpff/

The libpff package contains a library and applications to read the Personal Folder File (PAB, PST, OST) format.

History

Libpff was created by Joachim Metz in 2008, while working for Hoffmann Investigations.

Libpff is a rewrite of earlier work on the PST file format by the libpst project.

Libpff is a cross-platform shared library that support PST, OST and PAB files. Currently the data in PAB files is only partially supported. Support was added to deal with corrupted files and to recover data.

Tools

The libpff package contains the following tools:

pffexport, which exports the items stored in PAB, PST and OST (PFF) files
pffinfo, which shows information about PFF files.

pffrecover, has been replaced by pffexport -m recovered

External Links

@@ Line 1: / Line 1: @@
 {{Infobox_Software |
-   name = libewf |
+   name = libpff |
-   maintainer = [[Joachim Metz]], [[David Loveall]] |
+   maintainer = [[Joachim Metz]] |
    os = [[Linux]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], [[Windows]] |
-   genre = {{Disk imaging}} |
+   genre = {{Analysis}} |
    license = {{LGPL}} |
-   website = [http://libewf.sourceforge.net libewf.sourceforge.net] |
+   website = [http://code.google.com/p/libpff/ code.google.com/p/libpff/] |
 }}
-The '''libewf''' package contains [[Linux]] based library and applications to read and write EnCase E0* and SMART s0* storage media bitstream copies.
+The '''libpff''' package contains a library and applications to read the [[Personal Folder File (PAB, PST, OST)]] format.
-It has been ported to other platforms like [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], and [[Windows]] as well.
 == History ==
-Libewf was created by [[Joachim Metz]] in 2006, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
+Libpff was created by [[Joachim Metz]] in 2008, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
-Libewf is a rewrite of earlier work on the EnCase 4 file format by [[Michael Cohen]] part of [[PyFlag]] and the [http://www.asrdata.com/SMART/whitepaper.html Expert Witness Compression Format Specification] by [[Andrew Rosen]]. It has been updated to read and write EnCase version 1 to 6 E01 files and SMART s01 files (EWF files). Libewf has initiated an Extended EWF (EWF-X) specifications to bypass limitations on the format imposed by EnCase.
+Libpff is a rewrite of earlier work on the PST file format by the [[libpst|libpst project]].
-libewf also has read support for the EnCase L01 format.
+Libpff is a cross-platform shared library that support PST, OST and PAB files. Currently the data in PAB files is only partially supported.
+Support was added to deal with corrupted files and to recover data.
-In 2007 [[David Loveall]] contributed mount_ewf.py to the libewf project. This application allows a [[fuse]] based mount of the storage media data in the EWF files to be mounted.
 == Tools ==
-The '''libewf''' package contains the following tools:
+The '''libpff''' package contains the following tools:
-* '''ewfacquire''', which writes storage media data from devices and files to EWF files.
+* '''pffexport''', which exports the items stored in PAB, PST and OST (PFF) files
-* '''ewfacquirestream''', which writes data from stdin to EWF files.
+* '''pffinfo''', which shows information about PFF files.
-* '''ewfexport''', which exports storage media data in EWF files to (split) RAW format or a specific version of EWF files.
-* '''ewfinfo''', which shows the metadata in EWF files.
-* '''ewfverify''', which verifies the storage media data in EWF files.
-The '''libewf''' package also contains the following bindings:
+'''pffrecover''', has been replaced by '''pffexport -m recovered'''
-* '''ewf.net''', bindings for .Net
-* '''pyewf''', bindings for Python
-Provided as separate tools on the libewf project site:
+== See Also ==
-* '''mount_ewf.py''', which allows the storage media data in a EWF files to be mounted, contributed by [[David Loveall]] in 2007.
+* [[libpst]]
-* '''libewf-java''', Java (JNA) bindings were contributed by [[Bradley Schatz]] in 2009.
-* '''delphi imdisk proxy''', Borland Delphi imdisk proxy, as an alternative to mount_ewf.py for Windows, contributed by [[Brendan Berney]] in 2010.
-* '''jlibewf''', native Java EWF reader contributed by [[Bruce Allen]] in 2010.
-A menu based interface for ewfacquirestream called pyEWF, contributed by [[Dennis Schreiber]], was originally also available on the uitwisselplatform project site. However this is currently no longer maintained and was not moved to the sourceforge project size. The uitwisselplatform no longer exists. The name pyewf was reused for the libewf Python bindings created by [[David Collett]] which is now included in the libewf package.
-== Examples ==
-Imaging a device on a Unix-based system:
-<pre>
-ewfacquire /dev/sda
-</pre>
-Imaging a device on a Windows system:
-<pre>
-ewfacquire \\.\PhysicalDrive0
-</pre>
-Converting a split RAW into an EWF image
-<pre>
-ewfacquire split.raw.???
-</pre>
-or
-<pre>
-cat split.raw.??? | ewfacquirestream
-</pre>
-Converting an EWF into another EWF format or a (split) RAW image
-<pre>
-ewfexport image.E01
-</pre>
-Exporting files from a logical image (L01)
-<pre>
-ewfexport image.L01
-</pre>
 == External Links ==
+* [http://code.google.com/p/libpff/ Project site]
-* [http://libewf.sourceforge.net libewf project site]
+* [https://sourceforge.net/projects/libpff/ Old project site]

Difference between pages "Libewf" and "Libpff"

Revision as of 05:41, 29 July 2012

Contents

History

Tools

See Also

External Links

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation:

About forensicswiki.org:

Toolbox