Forums
Main Category
General (Technical,...
ewfacquire for Wind...
 
Notifications
Clear all

ewfacquire for Windows

 
Page 2 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by balzanto 16 years ago
20 Posts
11 Users
0 Reactions
5,771 Views
RSS
 rjmm
(@rjmm)
Active Member
Joined: 18 years ago
Posts: 11
17/08/2009 11:45 pm  

Hi Sean,

You can compile it with visual studio express 2008. You do not have to pay for that version. Codegear support (formerly Borland C++) is in the making.

Kind regards,

RJM


   
ReplyQuote
 DFICSI
(@dficsi)
Reputable Member
Joined: 19 years ago
Posts: 283
Topic starter 19/08/2009 5:57 pm  

Rich and David,

If you read the original post you'll note that I was asking specifically about ewfacquire to image shadow files with Windows FE. I want to try to use ewfacquire to attempt to do the same thing you would do with DD but send it straight to a compressed EWF image instead of an uncompressed DD image.

This being the case Guidance do not currently offer any software to do this. I know that I can use EnCase to take disk images but I was after a command line equivalent that I could use for experimentation with Vista shadow files. Hope this clears up the request.

I may have to look at the Visual Studio option unless someone has a binary available or unless I'm wrong and EnCase can indeed image Vista shadow files and I'm missing something obvious.


   
ReplyQuote
binarybod
 binarybod
(@binarybod)
Reputable Member
Joined: 18 years ago
Posts: 272
19/08/2009 7:00 pm  

Except that you have to pay for Visual Studio twisted

How about Visual Studio Express for free!

Paul


   
ReplyQuote
 DFICSI
(@dficsi)
Reputable Member
Joined: 19 years ago
Posts: 283
Topic starter 19/08/2009 11:21 pm  

For everyone's information, I have successfully created ewfacquire for Windows systems. I'm going to attempt to use this to acquire Vista shadow volumes tomorrow morning. I'll let you know if I'm successful.


   
ReplyQuote
 a_kuiper
(@a_kuiper)
Trusted Member
Joined: 16 years ago
Posts: 69
20/08/2009 12:47 am  

Great to hear that your F7-key is OK ;).

As I said… it compiles flawlessly!


   
ReplyQuote
 DFICSI
(@dficsi)
Reputable Member
Joined: 19 years ago
Posts: 283
Topic starter 20/08/2009 2:44 am  

In fairness, I needed to find some header files and a couple of additional files to make it work, but it seems fine. But thanks for the tip.


   
ReplyQuote
 Crutey
(@crutey)
Eminent Member
Joined: 19 years ago
Posts: 32
20/08/2009 2:51 pm  

Get it at http//sourceforge.net/projects/libewf/

The beta-version compiles flawlessly with Visual Studio 2008. No need for Cygwin anymore.

Except that you have to pay for Visual Studio twisted

Will Visual Studio Express compile what you need, that's free (or at least was)?


   
ReplyQuote
 DFICSI
(@dficsi)
Reputable Member
Joined: 19 years ago
Posts: 283
Topic starter 20/08/2009 5:42 pm  

Compiled fine with Visual Studio C++ Express, but I needed to find a couple of extra header files and such.


   
ReplyQuote
 dforce
(@dforce)
New Member
Joined: 16 years ago
Posts: 4
21/08/2009 3:08 pm  

You can also get Visual Studio 2008 Express edition for free here


   
ReplyQuote
balzanto
 balzanto
(@balzanto)
Trusted Member
Joined: 18 years ago
Posts: 57
05/09/2009 8:27 pm  

Or, download FAU (Forensic Acquisition Utilities) at http//gmgsystemsinc.com/fau/

This works very well in the WinFE environment and it was the tool Troy Larson of Microsoft used to demonstrate imaging mounted shadow volumes.


   
ReplyQuote
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: