Scroll to navigation

ewfexport LOCAL ewfexport

NAME

ewfexportexports media data stored in EWF files

SYNOPSIS

ewfexport [-A codepage] [-B amount_of_bytes] [-c compression_type] [-d digest_type] [-f format] [-l log_filename] [-o offset] [-p process_buffer_size] [-S segment_file_size] [-t target] [-hqsuvVw] ewf_files

DESCRIPTION

ewfexport is a utility to export media data stored in EWF files.
ewfexport is part of the libewf package. libewf is a library to support the Expert Witness Compression Format (EWF). libewf supports both the SMART format (EWF-S01) and the EnCase format (EWF-E01). libewf currently does not support the Logical Volume format (EWF-L01). EWF-X is an expirimental format intended for testing purposes to enhance the EWF format. libewf allows you to read and write media data in the EWF format.
ewf_files the first or the entire set of EWF segment files
The options are as follows:
-A codepage
the codepage of header section, options: ascii (default), windows-874, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258
-B amount_of_bytes
the amount of bytes to export
-c compression_type
the compression type, options: none (default), empty-block, fast, best (not used for raw format)
-d digest_type
calculate additional digest (hash) types besides md5, options: sha1 (not used for raw format)
-f format
the file format to write to, options: raw (default), ewf, smart, ftk, encase1, encase2, encase3, encase4, encase5, encase6, linen5, linen6, ewfx.
-h
shows this help
-l log_filename
logs export errors and the digest (hash) to the log filename
-o offset
the offset to start the export (default is 0)
-p process_buffer_size
the process buffer size (default is the chunk size)
-s
swap byte pairs of the media data (from AB to BA) (use this for big to little endian conversion and vice versa)
-S segment_file_size
the segment file size in bytes (default is 1.4 GiB) (minimum is 1.0 MiB, maximum is 7.9 EiB for encase6 format and 1.9 GiB for other formats) (not used for raw format)
-t target
the target file to export to, use - for stdout (default is export) stdout is only supported for the raw format
-u
unattended mode (disables user interaction)
-v
verbose output to stderr
-V
print version
-w
wipe sectors on CRC error (mimic EnCase like behavior)

ENVIRONMENT

None

FILES

None

EXAMPLES

ewfexport will ask the information it needs. 
# ewfexport floppy.E01 
ewfexport 20090229 (libewf 20090229, libuna 20090124, zlib 1.2.3, libcrypto 0.9.8g, libuuid) 
 
Information for export required, please provide the necessary input 
Export to file format (raw, ewf, smart, ftk, encase1, encase2, encase3, encase4, encase5, encase6, linen5, linen6, ewfx) [raw]: 
Target path and filename with extension or - for stdout: floppy.raw 
Start export at offset (0 >= value >= 1474560) [0]: 
Amount of bytes to export (0 >= value >= 1474560) [1474560]: 
 
Export started at: Sat Feb 28 19:19:40 2009 
 
This could take a while. 
 
Status: at 2%. 
        exported 32 kB (32768 bytes) of total 1.4 MiB (1474560 bytes). 
 


...


 

Status: at 100%. 
        exported 1.4 MiB (1474560 bytes) of total 1.4 MiB (1474560 bytes). 
        completion in 1 second(s) with 1 MiB/s (1474560 bytes/second). 


 

Export completed at: Sat Feb 28 19:19:41 2009 


 

Written: 1.4 MiB (1474560 bytes) in 1 second(s) with 1 MiB/s (1474560 bytes/second). 
MD5 hash calculated over data:  ae1ce8f5ac079d3ee93f97fe3792bda3

DIAGNOSTICS

Errors, verbose and debug output are printed to stderr when verbose output -v is enabled. Verbose and debug output are only printed when enabled at compilation.

BUGS

Please report bugs of any kind to <forensics@hoffmannbv.nl> or on the project website: http://libewf.sourceforge.net/

AUTHOR

These man pages were written by Kees Mastwijk.
Alterations for distribution have been made by Joachim Metz.

COPYRIGHT

Copyright 2006-2009 Kees Mastwijk, Hoffmann Investigations <forensics@hoffmannbv.nl> and contributors.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO

ewfacquire(1), ewfacquirestream(1), ewfinfo(1), ewfverify(1)
October 17, 2009 libewf