Notifications

Clear all

FTK Imager e01 (ewf) format restoration

General (Technical, Procedural, Software, Hardware etc.)

Last Post by jaclaz 13 years ago

4 Posts

3 Users

0 Reactions

2,006 Views

RSS

KungFuAction

(@kungfuaction)

Estimable Member

Joined: 13 years ago

Posts: 109

Topic starter 05/08/2012 4:36 am

I backed up an entire drive in EWF format. Question of the day how can I restore it back to the original drive (I don't care if it gets wiped). Thanks!

Marc Yu
http//PensacolaForensics.com

Quote

ntexaminer

(@ntexaminer)

Eminent Member

Joined: 14 years ago

Posts: 49

05/08/2012 5:12 am

Marc,

If you have X-Ways available, the Restore Image option is available from the File menu and accepts E01 files as input.

You can also do this in linux using something like mount_ewf.py to mount the E01 as a raw image and dd to write the raw image to your original drive.

HTH

ReplyQuote

KungFuAction

(@kungfuaction)

Estimable Member

Joined: 13 years ago

Posts: 109

Topic starter 05/08/2012 6:24 am

Marc,

If you have X-Ways available, the Restore Image option is available from the File menu and accepts E01 files as input.

You can also do this in linux using something like mount_ewf.py to mount the E01 as a raw image and dd to write the raw image to your original drive.

HTH

Thanks, that helps.

ReplyQuote

jaclaz

(@jaclaz)

Illustrious Member

Joined: 18 years ago

Posts: 5133

05/08/2012 6:13 pm

Marc,
You can also do this in linux using something like mount_ewf.py to mount the E01 as a raw image and dd to write the raw image to your original drive.

More
http//computer-forensics.sans.org/blog/2011/11/28/digital-forensic-sifting-mounting-ewf-or-e01-evidence-image-files

jaclaz

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
336 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed