Acquire ewf (EnCase) images with ewfacquire on MacOSX/Freebsd/OpenBSD/Linux

The new libewf release now supports writing EWF files using an acquire tool called, ewfacquire. This tool supports reading devices in Linux, FreeBSD, NetBSD, OpenBSD, MacOS-X/Darwin. On other platforms it can convert a raw (dd) image into a EWF file. With the tool you can acquire diskimages just like in Encase or FTK and save the same metadata and hash value within the ewf file.

usage:
./ewfacquire /dev/hda

You can download the sourcecode on the project website:

https://www.uitwisselplatform.nl/projects/libewf/

Leave a Comment