Forums
Main Category
General (Technical,...
ewfacquire for Wind...
 
Notifications
Clear all

ewfacquire for Windows

 
Page 1 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by balzanto 16 years ago
20 Posts
11 Users
0 Reactions
5,766 Views
RSS
 DFICSI
(@dficsi)
Reputable Member
Joined: 19 years ago
Posts: 283
Topic starter 17/08/2009 3:00 pm  

Does anyone know where I can get hold of a version of ewfacquire for Windows. Need to keep disk space to a minimum and use command line in Windows FE. Trying to see if I can image Shadow Files with ewfacquire.


   
Quote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
17/08/2009 4:52 pm  

Where have you seen a reference to ewfacquire for Windows?


   
ReplyQuote
 DFICSI
(@dficsi)
Reputable Member
Joined: 19 years ago
Posts: 283
Topic starter 17/08/2009 4:55 pm  

I haven't, just wondered if someone was smart enough to port it over. Still don't understand why such a tool isn't produced by Guidance.


   
ReplyQuote
 seanmcl
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
17/08/2009 6:23 pm  

Have you tried compiling it under Cygwin?


   
ReplyQuote
 a_kuiper
(@a_kuiper)
Trusted Member
Joined: 16 years ago
Posts: 69
17/08/2009 8:38 pm  

Get it at http//sourceforge.net/projects/libewf/

The beta-version compiles flawlessly with Visual Studio 2008. No need for Cygwin anymore.


   
ReplyQuote
 Rich2005
(@rich2005)
Honorable Member
Joined: 19 years ago
Posts: 541
17/08/2009 8:57 pm  

I haven't, just wondered if someone was smart enough to port it over. Still don't understand why such a tool isn't produced by Guidance.

I'm confused, surely that's EnCase (with or without the dongle).


   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
17/08/2009 9:14 pm  

Rich,

The library provides the ability to read the EWF format, most often associated with EnCase. However, FTK Imager and now ProDiscover include the ability as well.

The fact is that ewflib is NOT EnCase. Ewflib does not provide a GUI interface nor an EnScript scripting capability.


   
ReplyQuote
 kovar
(@kovar)
Prominent Member
Joined: 18 years ago
Posts: 805
17/08/2009 9:29 pm  

Greetings,

You took Rich's comment out of context. Someone asked why "such a tool isn't produced by Guidance."

The ewfacquire man page says "ewfacquire is a utility to acquire media data from a source and store it in EWF format (Expert Witness Compression Format). ".

EnCase, without the dongle, provides that capability, thus prompting, I presume, Rich's comment. In other words, that tool is provided by Guidance and it is called "EnCase" which, without the dongle, runs in Acquisition mode only, providing the same functionality as ewfacquire though without command line support.

-David


   
ReplyQuote
 Rich2005
(@rich2005)
Honorable Member
Joined: 19 years ago
Posts: 541
17/08/2009 9:30 pm  

Harlan,
I just meant that why would Guidance spend time (ie money) to port ewfacquire, when they already produce the ability to image (even without a dongle) in windows. (and they're flogging their portable edition etc for other stuff)
Rich
Edit (you beat me to this reply David) 😉


   
ReplyQuote
 seanmcl
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
17/08/2009 10:21 pm  

Get it at http//sourceforge.net/projects/libewf/

The beta-version compiles flawlessly with Visual Studio 2008. No need for Cygwin anymore.

Except that you have to pay for Visual Studio twisted


   
ReplyQuote
Page 1 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: