Extraction of Forensic images in Linux  

ajeet129
(@ajeet129)
New Member

Hi,

Can we extract forensic images like E01 or AD1 using FTK Imager or any other tool in Linux? If anyone knows how to do that, please suggest.

thanks in advance.

Thanks
Ajeet Tiwari

Posted : 10/01/2014 11:07 pm
BitHead
(@bithead)
Community Legend

libewf for E01 (EWF) format files.
https://code.google.com/p/libewf/
http://www.forensicswiki.org/wiki/Libewf

AD1 is a proprietary product from AccessData so you need to use the command line version of FTK Imager available on their site.
http://www.accessdata.com/support/product-downloads

Posted : 11/01/2014 9:25 pm
ausnahmefehler
(@ausnahmefehler)
New Member

Hello,

Install (e.g. in Ubuntu):

sudo apt-get install ewf-tools

You can export the EWF file to e.g. a dd image with the command "ewfexport",

but this takes time.
Better is to use "xmount" (you get it here: https://www.pinguin.lu/ ).

After that you can mount the E01 file within one second into a dd file.
After that you can mount the data (via losetup etc…).

With these two programs you can mount the content of an E01 file within a few minutes.

k.r.

a.

Posted : 13/01/2014 2:00 pm
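
The xmount and losetup steps from the last reply, written out as an added shell example that is not part of the original thread. It checks the EWF signature first and keeps every layer read-only so the evidence is not altered. The function names, the mount points, the `.dd` suffix of xmount's virtual file and the choice of the first partition are assumptions.

```shell
#!/bin/sh
# Added example: read-only access to a single-segment E01 via xmount + losetup.
# Function names and paths are illustrative assumptions.

# EWF (E01) segment files start with the 8 bytes "EVF" 09 0d 0a ff 00.
is_ewf() {
    sig=$(head -c 8 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "455646090d0aff00" ]
}

# mount_e01_ro IMAGE.E01 XMOUNT_DIR FS_DIR   (needs root, xmount, util-linux)
mount_e01_ro() {
    img=$1; xdir=$2; fsdir=$3
    is_ewf "$img" || { echo "not an EWF file: $img" >&2; return 1; }
    mkdir -p "$xdir" "$fsdir" || return 1
    # xmount exposes the E01 as a virtual raw (dd) file through FUSE;
    # nothing is converted or copied, which is why it is near-instant.
    xmount --in ewf "$img" "$xdir" || return 1
    # Assumption: the virtual raw file appears in $xdir with a .dd suffix.
    raw=$(ls "$xdir"/*.dd 2>/dev/null | head -n 1)
    [ -n "$raw" ] || { echo "no raw file under $xdir" >&2; return 1; }
    # Read-only loop device; --partscan creates /dev/loopNp1, p2, ...
    loop=$(losetup --find --show --read-only --partscan "$raw") || return 1
    # Assumption: the data of interest is on the first partition.
    # On ext3/4 with a dirty journal, add noload so no replay is attempted.
    mount -o ro,noexec,nodev,nosuid "${loop}p1" "$fsdir" || return 1
    echo "$loop"
}

# Run only when asked: sh script.sh --mount case.E01 /mnt/xmount /mnt/evidence
if [ "${1:-}" = "--mount" ]; then
    mount_e01_ro "$2" "$3" "$4"
fi
```

To release the image afterwards, unmount the filesystem, detach the loop device with `losetup -d`, then unmount the xmount directory.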