EO1 extensions read as windows files

3. It imaged fine but did not verify do to "windows files could not be opened".
4. After taking a look at the EO1 files I see windows is viewing the certain EO1s as native windows files. Examples .ELM (Microsoft Office Themes File; .EMF (is some kind of paint file); .EML (Thunderbird doc); and so on. They even have the icons for the types of files.

Those are file associations to extensions in the Windows Registry, they have nothing to do with the images being "valid" or not.

From #3 I may guess that you have *something* (be it an antivirus, a malware scanner or even some of the stupid services that some application install to "easen" the life of "common users", indexing, checking and what not) running that has prevented the imaging, it's verification or simply the proper "access" to them.

If the image segments were not verified, it did not "image fine".
And 24 hours to image a 2 Tb disk sound a bit too much (of course it depends on what connections you used, if you used a write blocker, etc.).
Also, it is not clear if you imaged the disk (pphysical) or the drive (H\ or *whatever*) and if the disk was offline or what.

Please do provide more information about the exact way you attempted the image and some data on your machine OS/settings/target filesystem and device/etc., remember that the more details you provide the more likely it is that someone can pinpoint an issue in either the setup or in the workflow.

jaclaz

The whole step 4 sounds out of norm.

Sounds like files were copied, instead of the drive imaged… There is no way for Windows natively to open E01 file or browse through it.

Can you re-image the drive?