Notifications

Clear all

Extraction of Forensic images in Linux

General (Technical, Procedural, Software, Hardware etc.)

Last Post by ausnahmefehler 12 years ago

3 Posts

3 Users

0 Reactions

5,822 Views

RSS

ajeet129

(@ajeet129)

Active Member

Joined: 12 years ago

Posts: 16

Topic starter 11/01/2014 12:07 am

Hi,

Do we can extract the forensic images like E01, Ad1 using FTK imager or with any other tool in Linux. If any one know how to do that. Please suggest.

thanks in advance.

Thanks
Ajeet Tiwari

Quote

BitHead

(@bithead)

Noble Member

Joined: 20 years ago

Posts: 1206

11/01/2014 10:25 pm

libewf for E01 (EWF) format files.
https://code.google.com/p/libewf/
http//www.forensicswiki.org/wiki/Libewf

AD1 is a proprietary product from AccessData so you need to use the command line version of FTK Imager available on their site.
http//www.accessdata.com/support/product-downloads

ReplyQuote

ausnahmefehler

(@ausnahmefehler)

New Member

Joined: 16 years ago

Posts: 2

13/01/2014 3:00 pm

hello,

install (e.g. in ubuntu)

sudo apt-get install ewf-tools.

you can export the ewf-file to e.g. a dd-image with command "ewfexport"

but this takes time.
better is to take "xmount" (you get it here https://www.pinguin.lu/ )

after that you can mount the e01-file within one second into a dd-file.
after that you can mount the data (via losetup etc…)

with these two programs to can mount the content of an e01-file within a few minutes.

k.r.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
304 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed