Extraction of Forensic images in Linux

General (Technical, Procedural, Software, Hardware etc.)

Last Post by ausnahmefehler 10 years ago

3 Posts

3 Users

0 Likes

3,793 Views

RSS

ajeet129

(@ajeet129)

Posts: 16

Active Member

Topic starter

Hi,

Do we can extract the forensic images like E01, Ad1 using FTK imager or with any other tool in Linux. If any one know how to do that. Please suggest.

thanks in advance.

Thanks
Ajeet Tiwari

Posted : 11/01/2014 12:07 am

BitHead

(@bithead)

Posts: 1206

Noble Member

libewf for E01 (EWF) format files.
https://code.google.com/p/libewf/
http//www.forensicswiki.org/wiki/Libewf

AD1 is a proprietary product from AccessData so you need to use the command line version of FTK Imager available on their site.
http//www.accessdata.com/support/product-downloads

Posted : 11/01/2014 10:25 pm

ausnahmefehler

(@ausnahmefehler)

Posts: 2

New Member

hello,

install (e.g. in ubuntu)

sudo apt-get install ewf-tools.

you can export the ewf-file to e.g. a dd-image with command "ewfexport"

but this takes time.
better is to take "xmount" (you get it here https://www.pinguin.lu/ )

after that you can mount the e01-file within one second into a dd-file.
after that you can mount the data (via losetup etc…)

with these two programs to can mount the content of an e01-file within a few minutes.

k.r.

Posted : 13/01/2014 3:00 pm

8 Forums
15.5 K Topics
92 K Posts
12 Online
40 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed