Extraction of Forensic images in Linux
Do we can extract the forensic images like E01, Ad1 using FTK imager or with any other tool in Linux. If any one know how to do that. Please suggest.
thanks in advance.
libewf for E01 (EWF) format files.
AD1 is a proprietary product from AccessData so you need to use the command line version of FTK Imager available on their site.
install (e.g. in ubuntu)
sudo apt-get install ewf-tools.
you can export the ewf-file to e.g. a dd-image with command "ewfexport"
but this takes time.
better is to take "xmount" (you get it here https://
after that you can mount the e01-file within one second into a dd-file.
after that you can mount the data (via losetup etc…)
with these two programs to can mount the content of an e01-file within a few minutes.