Re: [sleuthkit-users] extracting .E01 and .Ex01 metadata

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Bala,

I think that you have a fundamental misunderstanding about the tools you are using.

There are no "method signatures" here. ewfinfo and tsk_recover are both command-line C++ tools. ewfinfo is built upon libewf, which is a C library. There is also libewfcs which is a C# implementation of the EWF format.  tsk_recover is based on The SleuthKit, which is a C/C++ library. There is no managed code interface, but I believe that there is a JNI interface that you could call from Java.

I'm not sure what you are trying to do, but I suspect that you need to focus on your desired outcome, rather than on the toolset.

On Sep 13, 2013, at 1:50 AM, "Bala" <bal...@cs...> wrote:

> Simson
>  
> I presume ewfinfo & tsk_recover  would suit me ideally according to the descriptions that I find, however I’ unable to locate both their method signature which could help me write a manged .Net code to call them.
>  
> Could you help me find them (method signatures) in this please.
> http://www.sleuthkit.org/sleuthkit/docs/api-docs/index.html
>  
>  
> Regards
> Bala
>  
> From: Simson Garfinkel [mailto:si...@gm...] On Behalf Of Simson Garfinkel
> Sent: Thursday, September 12, 2013 5:47 PM
> To: Bala
> Cc: sle...@li...
> Subject: Re: [sleuthkit-users] extracting .E01 and .Ex01 metadata
>  
> Why do you want to use classes and methods?
>  
> For #1 - what do you mean by "metadata"?   Do you want to use ewfinfo?
> For #2 - Perhaps you want to use tsk_recover?
>  
>  
>  
> On Sep 12, 2013, at 3:27 AM, "Bala" <bal...@cs...> wrote:
> 
> 
> Hi Guys
>  
> I’m a newbie to TSK. Could someone help me figure out which classes and methods that I need to use to get the following details from .E01 and Ex01 files
>  
> 1.       Extract metadata from the forensic image
> 2.       Iterate over files in the file structure on .E01 and .Ex01 images and read/copy the files.
>  
> Environment
> TSK Version 4.1.0 Core ( not the framework)
> OS version window 7/ windows 2008 R2
>  
>  
>  
> Regards
> Bala
>  
> ------------------------------------------------------------------------------
> How ServiceNow helps IT people transform IT departments:
> 1. Consolidate legacy IT systems to a single system of record for IT
> 2. Standardize and globalize service processes across IT
> 3. Implement zero-touch automation to replace manual, redundant tasks
> http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk_______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
>  